Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xeHA0LTI3dngteG1tM84AAUC0
Improper Input Validation in Jetty
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Permalink: https://github.com/advisories/GHSA-qxp4-27vx-xmm3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xeHA0LTI3dngteG1tM84AAUC0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 7 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Identifiers: GHSA-qxp4-27vx-xmm3, CVE-2011-4461
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4461
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72017
- http://marc.info/?l=bugtraq&m=143387688830075&w=2
- http://www.kb.cert.org/vuls/id/903934
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.ubuntu.com/usn/USN-1429-1
- https://github.com/eclipse/jetty.project/commit/085c79d7d6cfbccc02821ffdb64968593df3e0bf
- https://security.netapp.com/advisory/ntap-20190307-0004
- https://github.com/advisories/GHSA-qxp4-27vx-xmm3
Blast Radius: 24.1
Affected Packages
maven:org.eclipse.jetty:jetty-server
Dependent packages: 3,819Dependent repositories: 34,580
Downloads:
Affected Version Ranges: <= 8.1.0.RC2
Fixed in: 8.1.0.RC4
All affected versions:
All unaffected versions: 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.15, 10.0.16, 10.0.17, 10.0.18, 10.0.19, 10.0.20, 10.0.21, 10.0.22, 10.0.23, 10.0.24, 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 11.0.9, 11.0.10, 11.0.11, 11.0.12, 11.0.13, 11.0.14, 11.0.15, 11.0.16, 11.0.17, 11.0.18, 11.0.19, 11.0.20, 11.0.21, 11.0.22, 11.0.23, 11.0.24, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8, 12.0.9, 12.0.10, 12.0.11, 12.0.12, 12.0.13, 12.0.14