Vulnerability Database

CVE-2018-12545

In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

| Software | From | Fixed in |
|---|---|---|
| eclipse / jetty | 9.3.0-rc0 | 9.3.0-rc0.x |
| eclipse / jetty | 9.3.4-rc1 | 9.3.4-rc1.x |
| eclipse / jetty | 9.3.4-rc0 | 9.3.4-rc0.x |
| eclipse / jetty | 9.3.0-rc1 | 9.3.0-rc1.x |
| eclipse / jetty | 9.3.7-rc0 | 9.3.7-rc0.x |
| eclipse / jetty | 9.3.8-rc0 | 9.3.8-rc0.x |
| eclipse / jetty | 9.3.7-rc1 | 9.3.7-rc1.x |
| eclipse / jetty | 9.3.0-20150601 | 9.3.0-20150601.x |
| eclipse / jetty | 9.3.0-20150608 | 9.3.0-20150608.x |
| eclipse / jetty | 9.3.0-20150612 | 9.3.0-20150612.x |
| eclipse / jetty | 9.3.1-20150714 | 9.3.1-20150714.x |
| eclipse / jetty | 9.3.2-20150730 | 9.3.2-20150730.x |
| eclipse / jetty | 9.3.3-20150825 | 9.3.3-20150825.x |
| eclipse / jetty | 9.3.3-20150827 | 9.3.3-20150827.x |
| eclipse / jetty | 9.3.4-20151007 | 9.3.4-20151007.x |
| eclipse / jetty | 9.3.4-20151005 | 9.3.4-20151005.x |
| eclipse / jetty | 9.3.5-20151012 | 9.3.5-20151012.x |
| eclipse / jetty | 9.3.6-20151106 | 9.3.6-20151106.x |
| eclipse / jetty | 9.3.7-20160115 | 9.3.7-20160115.x |
| eclipse / jetty | 9.3.8-20160311 | 9.3.8-20160311.x |
| eclipse / jetty | 9.3.8-20160314 | 9.3.8-20160314.x |
| eclipse / jetty | 9.3.9-20160517 | 9.3.9-20160517.x |
| eclipse / jetty | 9.3.9-maintenance_0 | 9.3.9-maintenance_0.x |
| eclipse / jetty | 9.3.9-maintenance_1 | 9.3.9-maintenance_1.x |
| eclipse / jetty | 9.3.10-20160621 | 9.3.10-20160621.x |
| eclipse / jetty | 9.3.10-maintenance_0 | 9.3.10-maintenance_0.x |
| eclipse / jetty | 9.3.11-20160721 | 9.3.11-20160721.x |
| eclipse / jetty | 9.3.11-maintenance_0 | 9.3.11-maintenance_0.x |
| eclipse / jetty | 9.3.12-20160915 | 9.3.12-20160915.x |
| eclipse / jetty | 9.3.13-20161014 | 9.3.13-20161014.x |
| eclipse / jetty | 9.3.13-maintenance_0 | 9.3.13-maintenance_0.x |
| eclipse / jetty | 9.3.14-20161028 | 9.3.14-20161028.x |
| eclipse / jetty | 9.3.15-20161220 | 9.3.15-20161220.x |
| eclipse / jetty | 9.3.16-20170119 | 9.3.16-20170119.x |
| eclipse / jetty | 9.3.16-20170120 | 9.3.16-20170120.x |
| eclipse / jetty | 9.3.17-20170317 | 9.3.17-20170317.x |
| eclipse / jetty | 9.3.17-rc0 | 9.3.17-rc0.x |
| eclipse / jetty | 9.3.18-20170406 | 9.3.18-20170406.x |
| eclipse / jetty | 9.3.19-20170502 | 9.3.19-20170502.x |
| eclipse / jetty | 9.3.20-20170531 | 9.3.20-20170531.x |
| eclipse / jetty | 9.3.21-maintenance_0 | 9.3.21-maintenance_0.x |
| eclipse / jetty | 9.3.21-rc0 | 9.3.21-rc0.x |
| eclipse / jetty | 9.3.21-20170918 | 9.3.21-20170918.x |
| eclipse / jetty | 9.3.22-20171030 | 9.3.22-20171030.x |
| eclipse / jetty | 9.3.23-20180228 | 9.3.23-20180228.x |
| eclipse / jetty | 9.3.24-20180605 | 9.3.24-20180605.x |
| eclipse / jetty | 9.4.0-maintenance_0 | 9.4.0-maintenance_0.x |
| eclipse / jetty | 9.4.0-maintenance_1 | 9.4.0-maintenance_1.x |
| eclipse / jetty | 9.4.0-rc0 | 9.4.0-rc0.x |
| eclipse / jetty | 9.4.0-rc1 | 9.4.0-rc1.x |
| eclipse / jetty | 9.4.0-rc2 | 9.4.0-rc2.x |
| eclipse / jetty | 9.4.0-rc3 | 9.4.0-rc3.x |
| eclipse / jetty | 9.4.0-20161207 | 9.4.0-20161207.x |
| eclipse / jetty | 9.4.0-20161208 | 9.4.0-20161208.x |
| eclipse / jetty | 9.4.0-20180619 | 9.4.0-20180619.x |
| eclipse / jetty | 9.4.1-20170120 | 9.4.1-20170120.x |
| eclipse / jetty | 9.4.1-20180619 | 9.4.1-20180619.x |
| eclipse / jetty | 9.4.2-20170220 | 9.4.2-20170220.x |
| eclipse / jetty | 9.4.2-20180619 | 9.4.2-20180619.x |
| eclipse / jetty | 9.4.3-20170317 | 9.4.3-20170317.x |
| eclipse / jetty | 9.4.3-20180619 | 9.4.3-20180619.x |
| eclipse / jetty | 9.4.4-20170410 | 9.4.4-20170410.x |
| eclipse / jetty | 9.4.4-20170414 | 9.4.4-20170414.x |
| eclipse / jetty | 9.4.4-20180619 | 9.4.4-20180619.x |
| eclipse / jetty | 9.4.5-20170502 | 9.4.5-20170502.x |
| eclipse / jetty | 9.4.5-20180619 | 9.4.5-20180619.x |
| eclipse / jetty | 9.4.6-20170531 | 9.4.6-20170531.x |
| eclipse / jetty | 9.4.6-20180619 | 9.4.6-20180619.x |
| eclipse / jetty | 9.4.7-20170914 | 9.4.7-20170914.x |
| eclipse / jetty | 9.4.7-20180619 | 9.4.7-20180619.x |
| eclipse / jetty | 9.4.7-rc0 | 9.4.7-rc0.x |
| eclipse / jetty | 9.4.8-20171121 | 9.4.8-20171121.x |
| eclipse / jetty | 9.4.8-20180619 | 9.4.8-20180619.x |
| eclipse / jetty | 9.4.9-20180320 | 9.4.9-20180320.x |
| eclipse / jetty | 9.4.10-20180503 | 9.4.10-20180503.x |
| eclipse / jetty | 9.4.10-rc0 | 9.4.10-rc0.x |
| eclipse / jetty | 9.4.10-rc1 | 9.4.10-rc1.x |
| eclipse / jetty | 9.4.11-20180605 | 9.4.11-20180605.x |
| eclipse / jetty | 9.4.12-rc0 | 9.4.12-rc0.x |
| eclipse / jetty | 9.4.12-rc1 | 9.4.12-rc1.x |
| eclipse / jetty | 9.4.12-rc2 | 9.4.12-rc2.x |
| eclipse / jetty | 9.3.0-maintenance2 | 9.3.0-maintenance2.x |
| eclipse / jetty | 9.3.0-maintenance0 | 9.3.0-maintenance0.x |
| eclipse / jetty | 9.3.0-maintenance1 | 9.3.0-maintenance1.x |
| fedoraproject / fedora | 28 | 28.x |
| org.eclipse.jetty / jetty-server | 9.4.0 | 9.4.12.v20180830 |
| org.eclipse.jetty / jetty-server | 9.3.0 | 9.3.25.v20180904 |