
CVE-2018-12545

Published: 2019-03-27 20:29:03
CWE: CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-400 (Uncontrolled Resource Consumption)
Source: eclipse (CNA), web.nvd.nist.gov
Tags: eclipse jetty, cve-2018-12545, denial of service, dos, nvd, security vulnerability

CVSS2: 5.0  (AV:N/AC:L/Au:N/C:N/I:N/A:P)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

CVSS3: 7.5  (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH

AI Score: 7.3 (Confidence: High)
EPSS: 0.041 (Percentile: 92.3%)

In Eclipse Jetty 9.3.x and 9.4.x (before 9.4.12), the server is vulnerable to denial of service if a remote client sends either a large HTTP/2 SETTINGS frame containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings: every setting received forces the server to re-apply connection state, and an unauthenticated client can trigger that work without limit.
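The following is an added example, not Jetty's code or the project's fix: it builds HTTP/2 SETTINGS frames per RFC 7540 section 6.5 in both shapes the description names (one oversized frame, or a flood of tiny ones) and shows the generic control a server needs against them, a cap on settings per frame plus a per-connection rate limit on SETTINGS frames. The limit values, the simulated clock and the `SettingsGuard`/`run` names are this example's own assumptions; how Jetty 9.4.12 implements its throttling is not described on this page.

```python
import struct
from collections import deque

# Frame layout (RFC 7540 s.4.1): 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id.
HEADER_LEN = 9
FRAME_TYPE_SETTINGS = 0x4
FLAG_ACK = 0x1
SETTING_LEN = 6  # 16-bit identifier + 32-bit value (s.6.5.1)

# A few setting identifiers (s.6.5.2); any identifier is legal on the wire.
SETTINGS_HEADER_TABLE_SIZE = 0x1
SETTINGS_MAX_CONCURRENT_STREAMS = 0x3
SETTINGS_INITIAL_WINDOW_SIZE = 0x4

# Connection error codes (s.7).
PROTOCOL_ERROR = 0x1
FRAME_SIZE_ERROR = 0x6
ENHANCE_YOUR_CALM = 0xB


def build_settings_frame(settings, ack=False):
    """Serialise one SETTINGS frame from a list of (identifier, value) pairs."""
    payload = b"".join(struct.pack("!HI", sid, val) for sid, val in settings)
    header = struct.pack("!I", len(payload))[1:]  # low 24 bits of the length
    header += struct.pack("!BBI", FRAME_TYPE_SETTINGS, FLAG_ACK if ack else 0, 0)
    return header + payload


def one_huge_frame(n):
    """Abuse pattern 1: a single SETTINGS frame carrying n settings."""
    return [build_settings_frame([(SETTINGS_HEADER_TABLE_SIZE, i) for i in range(n)])]


def many_small_frames(n):
    """Abuse pattern 2: n back-to-back one-setting SETTINGS frames."""
    return [build_settings_frame([(SETTINGS_INITIAL_WINDOW_SIZE, 65535)]) for _ in range(n)]


class SettingsGuard:
    """SETTINGS parser with the two caps a hardened server needs (limits are illustrative).

    max_settings_per_frame bounds the work one frame can demand; max_frames_per_window
    bounds how often a peer may force the server to re-apply settings at all.
    """

    def __init__(self, max_settings_per_frame=16, max_frames_per_window=20, window_seconds=1.0):
        self.max_settings_per_frame = max_settings_per_frame
        self.max_frames_per_window = max_frames_per_window
        self.window_seconds = window_seconds
        self._arrivals = deque()  # arrival times of recent non-ACK SETTINGS frames
        self.applied = {}         # identifier -> last value accepted
        self.error = None         # first connection error, sticky

    def _rate_exceeded(self, now):
        while self._arrivals and now - self._arrivals[0] > self.window_seconds:
            self._arrivals.popleft()
        self._arrivals.append(now)
        return len(self._arrivals) > self.max_frames_per_window

    def _fail(self, code):
        self.error = code
        return code

    def feed(self, frame, now):
        """Consume one frame; return None if accepted, else the error code to GOAWAY with."""
        if self.error is not None:
            return self.error
        if len(frame) < HEADER_LEN:
            return self._fail(FRAME_SIZE_ERROR)
        length = int.from_bytes(frame[0:3], "big")
        ftype, flags, stream_id = struct.unpack("!BBI", frame[3:HEADER_LEN])
        payload = frame[HEADER_LEN:HEADER_LEN + length]
        if ftype != FRAME_TYPE_SETTINGS or (stream_id & 0x7FFFFFFF) != 0:
            return self._fail(PROTOCOL_ERROR)          # s.6.5: SETTINGS is connection-scoped
        if len(payload) != length or length % SETTING_LEN != 0:
            return self._fail(FRAME_SIZE_ERROR)        # truncated, or not a whole number of settings
        if flags & FLAG_ACK:
            return None if length == 0 else self._fail(FRAME_SIZE_ERROR)  # an ACK must be empty
        if length // SETTING_LEN > self.max_settings_per_frame:
            return self._fail(ENHANCE_YOUR_CALM)       # pattern 1: one oversized frame
        if self._rate_exceeded(now):
            return self._fail(ENHANCE_YOUR_CALM)       # pattern 2: a flood of small frames
        for off in range(0, length, SETTING_LEN):
            sid, val = struct.unpack("!HI", payload[off:off + SETTING_LEN])
            self.applied[sid] = val                    # the (now bounded) expensive part
        return None


def run(frames, guard, interval=0.001):
    """Feed frames at a fixed simulated spacing; return (frames_accepted, error_code)."""
    accepted = 0
    for i, frame in enumerate(frames):
        err = guard.feed(frame, i * interval)
        if err is not None:
            return accepted, err
        accepted += 1
    return accepted, None
```

With the defaults, `run(one_huge_frame(1000), SettingsGuard())` is rejected on the first frame and `run(many_small_frames(100), SettingsGuard())` is cut off after 20 frames in the same second, while the same 100 frames spread over ten seconds are all accepted. The guard also rejects the malformed shapes RFC 7540 requires a server to reject (non-zero stream id, payload not a multiple of 6, an ACK with a payload), since a parser that skips those checks is usually the same one that skips the resource caps.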

Affected configurations

NVD configuration, node 1 (any of the following):
  eclipse jetty 9.3.0:20150601
  eclipse jetty 9.3.0:20150608
  eclipse jetty 9.3.0:20150612
  eclipse jetty 9.3.0:maintenance0
  eclipse jetty 9.3.0:maintenance1
  eclipse jetty 9.3.0:maintenance2
  eclipse jetty 9.3.0:rc0
  eclipse jetty 9.3.0:rc1
  eclipse jetty 9.3.1:20150714
  eclipse jetty 9.3.2:20150730
  eclipse jetty 9.3.3:20150825
  eclipse jetty 9.3.3:20150827
  eclipse jetty 9.3.4:20151005
  eclipse jetty 9.3.4:20151007
  eclipse jetty 9.3.4:rc0
  eclipse jetty 9.3.4:rc1
  eclipse jetty 9.3.5:20151012
  eclipse jetty 9.3.6:20151106
  eclipse jetty 9.3.7:20160115
  eclipse jetty 9.3.7:rc0
  eclipse jetty 9.3.7:rc1
  eclipse jetty 9.3.8:20160311
  eclipse jetty 9.3.8:20160314
  eclipse jetty 9.3.8:rc0
  eclipse jetty 9.3.9:20160517
  eclipse jetty 9.3.9:maintenance_0
  eclipse jetty 9.3.9:maintenance_1
  eclipse jetty 9.3.10:20160621
  eclipse jetty 9.3.10:maintenance_0
  eclipse jetty 9.3.11:20160721
  eclipse jetty 9.3.11:maintenance_0
  eclipse jetty 9.3.12:20160915
  eclipse jetty 9.3.13:20161014
  eclipse jetty 9.3.13:maintenance_0
  eclipse jetty 9.3.14:20161028
  eclipse jetty 9.3.15:20161220
  eclipse jetty 9.3.16:20170119
  eclipse jetty 9.3.16:20170120
  eclipse jetty 9.3.17:20170317
  eclipse jetty 9.3.17:rc0
  eclipse jetty 9.3.18:20170406
  eclipse jetty 9.3.19:20170502
  eclipse jetty 9.3.20:20170531
  eclipse jetty 9.3.21:20170918
  eclipse jetty 9.3.21:maintenance_0
  eclipse jetty 9.3.21:rc0
  eclipse jetty 9.3.22:20171030
  eclipse jetty 9.3.23:20180228
  eclipse jetty 9.3.24:20180605
  eclipse jetty 9.4.0:20161207
  eclipse jetty 9.4.0:20161208
  eclipse jetty 9.4.0:20180619
  eclipse jetty 9.4.0:maintenance_0
  eclipse jetty 9.4.0:maintenance_1
  eclipse jetty 9.4.0:rc0
  eclipse jetty 9.4.0:rc1
  eclipse jetty 9.4.0:rc2
  eclipse jetty 9.4.0:rc3
  eclipse jetty 9.4.1:20170120
  eclipse jetty 9.4.1:20180619
  eclipse jetty 9.4.2:20170220
  eclipse jetty 9.4.2:20180619
  eclipse jetty 9.4.3:20170317
  eclipse jetty 9.4.3:20180619
  eclipse jetty 9.4.4:20170410
  eclipse jetty 9.4.4:20170414
  eclipse jetty 9.4.4:20180619
  eclipse jetty 9.4.5:20170502
  eclipse jetty 9.4.5:20180619
  eclipse jetty 9.4.6:20170531
  eclipse jetty 9.4.6:20180619
  eclipse jetty 9.4.7:20170914
  eclipse jetty 9.4.7:20180619
  eclipse jetty 9.4.7:rc0
  eclipse jetty 9.4.8:20171121
  eclipse jetty 9.4.8:20180619
  eclipse jetty 9.4.9:20180320
  eclipse jetty 9.4.10:20180503
  eclipse jetty 9.4.10:rc0
  eclipse jetty 9.4.10:rc1
  eclipse jetty 9.4.11:20180605
  eclipse jetty 9.4.12:rc0
  eclipse jetty 9.4.12:rc1
  eclipse jetty 9.4.12:rc2

NVD configuration, node 2:
  fedoraproject fedora 28

CPE table (first 10 of 851 rows shown on the page):
  Vendor   Product  Version  CPE
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*
  eclipse  jetty    9.3.0    cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*
  eclipse  jetty    9.3.1    cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*
  eclipse  jetty    9.3.2    cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "9.4.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
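The two `versionType: custom` entries above together say "9.3.0 and later, but below 9.4.12". The following is an added example (not CVE-program or Jetty code) that turns that record into a check an inventory script can run against installed Jetty version strings such as `9.4.11.v20180605` or `9.4.12.RC2`. Because the record's version type is `custom`, the comparison rule is this example's own assumption: Jetty's MAJOR.MINOR.MICRO.vYYYYMMDD scheme, with M and RC pre-releases ordering before the final build, and the lower bound applied at the MAJOR.MINOR.MICRO level so 9.3.0 pre-releases count as affected, matching the NVD CPE list above.

```python
import re

# Copy of the CNA record from this page, embedded so the script runs offline.
CNA_AFFECTED = [
    {
        "product": "Eclipse Jetty",
        "vendor": "The Eclipse Foundation",
        "versions": [
            {"lessThan": "unspecified", "status": "affected", "version": "9.3.0", "versionType": "custom"},
            {"lessThan": "9.4.12", "status": "affected", "version": "unspecified", "versionType": "custom"},
        ],
    }
]

# Jetty version syntax assumed here: 9.4.11.v20180605, 9.4.12.RC2, 9.3.0.M2, or a bare 9.4.12.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)"                 # major.minor.micro
    r"(?:\.(?:v(\d{8})|(M|RC)(\d+)))?$",    # optional .vYYYYMMDD build date or .Mn / .RCn qualifier
    re.IGNORECASE,
)


def version_key(version):
    """Sortable key for a Jetty version; milestones and RCs sort before the final build."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Jetty version: {version!r}")
    major, minor, micro, date, pre_tag, pre_num = m.groups()
    if pre_tag:
        rank = 0 if pre_tag.upper() == "M" else 1       # M < RC < final
        return (int(major), int(minor), int(micro), rank, int(pre_num), 0)
    return (int(major), int(minor), int(micro), 2, 0, int(date or 0))


def bounds_from_record(record):
    """Collapse the 'custom' entries into (inclusive lower bound, exclusive upper bound).

    An entry whose 'version' is concrete and 'lessThan' is 'unspecified' supplies the lower
    bound; one whose 'lessThan' is concrete supplies the upper bound. Assumption: the
    entries describe one contiguous range, which is how this CNA record reads.
    """
    lower = upper = None
    for entry in record["versions"]:
        if entry["status"] != "affected":
            continue
        if entry["version"] != "unspecified":
            lower = entry["version"]
        if entry["lessThan"] != "unspecified":
            upper = entry["lessThan"]
    return lower, upper


def is_affected(installed, record=CNA_AFFECTED[0]):
    """True if the installed Jetty version falls inside the record's affected range."""
    lower, upper = bounds_from_record(record)
    key = version_key(installed)
    # Lower bound at release granularity: 9.3.0 RCs are inside the range (NVD lists them too).
    if lower is not None and key[:3] < version_key(lower)[:3]:
        return False
    # Upper bound is strict, so 9.4.12 pre-releases are still affected but 9.4.12.v* is not.
    if upper is not None and key >= version_key(upper):
        return False
    return True
```

Run `is_affected` over the version reported by each deployed `jetty-server` jar (the Implementation-Version in its manifest); anything that returns True is below 9.4.12 and needs the upgrade. Versions the regex does not recognise raise rather than silently pass, which is the right failure mode for an inventory check.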

