CVE-2018-12545

Published Mar 27, 2019
Last updated a year ago
CVSS high 7.5
Overview

Description: In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.
Source: emo@eclipse.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-770
emo@eclipse.org: CWE-400
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E548698-6582-4598-A832-B64483B8D2D1"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14AA2E29-F543-4B80-B8DD-F76187E63A3C"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B74BDCF-AF80-4679-8915-7D01E90BF4D1"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "580A8553-56D1-41F3-A8A9-5698D3FA7F12"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2784485-FE0D-454D-B4EC-9F91EE396AB0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0AD7F68-96BD-442F-BC36-091D19BC1AC9"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34269139-FB46-4EF8-BE3A-7B130F25B5E5"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77FD0118-11CC-41AB-9B12-030B1F6F8EBF"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4D8788C-C718-479B-B441-B3C40F261CE3"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFB22D92-F41A-4C35-8FD6-1A57E9A25132"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58368FE2-71A7-470B-A918-E5DB97EE5176"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "612EB189-F829-4426-90CE-EBD75F91E652"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56472E25-401A-411D-9A13-3EAB65025DFE"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "525AC31D-F470-4E09-88D8-261FFEA88C50"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5B32089-B410-4D62-8751-8341CC696F40"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9781FB3C-386A-4CB8-B330-B707E8F56F55"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "880FD5EC-D796-4232-B587-A99F80FDB68E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52DFC06-3B44-4675-B7BA-18535B1499C8"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83292226-E45E-4B13-963B-36FE18815939"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A5D6F9A-3326-4C74-932D-DDE4AD900D1E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC9739B3-070C-4D1D-BD44-E16DC23D5F3A"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6C07F9D-27C0-4A56-97EE-D0392CFEEB96"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B466BB1-D312-4F4A-9A96-1F88620A970D"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0279CFA-12F5-4D73-9136-3EC240F14107"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47C060B9-CEED-4D24-BC47-FE1AF604A72C"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF745A33-0FEF-47E6-B549-8349C6D63B3E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "363C327A-B383-4D07-9442-55254D3284E3"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDCF78F5-AC04-4F98-A57B-0C60C184589A"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B655ED4D-1A48-414B-AD5B-AC08644CE7E9"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "516E3314-C528-4DEF-B673-829094612C05"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "384F3A83-DDD5-4DC2-8257-F3A14BFD79E1"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2688CA0E-2A36-4BAA-88CA-CA00DDA276EA"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6482DF67-9178-409D-A522-68ACF3D08208"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEC43E92-04B8-4F90-82C8-6DD2255B2652"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BEF4B04-1014-400E-8EAA-EA3DFE968D41"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1547494-C1A0-4755-8C0F-53F4084A1ADD"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0220E37B-EEBC-4641-AD1C-245DC249F51B"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCCC8914-C758-4312-8AA2-B466D5B6C00F"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E449FD93-CD5D-4896-9CE1-DB42BB83A071"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED6F20D8-2C63-47BD-886B-0684EEF89FF0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B12BEFDE-9FB2-42E9-9638-F459FE274935"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B755E3B-A128-436E-8EE7-98C7F9194D34"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8029B2F-D88D-4BB3-9BD2-54EE034A0C18"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2560BAF-E379-477A-BF68-C836543920C0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BD9164B-4AB4-450C-B3D9-1F14C15ABE67"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A59914E6-D3B8-4289-BE31-0AD2EDC81E85"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "430CDEEE-28CE-4712-AF95-6790775C4028"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A748119F-A5A1-4428-9BC0-1A8BE09C975C"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09CE1987-E5E5-4F54-BC6E-245F4F02EA60"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3D958FD-DD4D-4732-BE86-7E254E1AAE0E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A266E261-7C7D-4C1D-BE6D-81FC5D85886D"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35251CD8-A1E6-445C-8D5F-9ABC61D84B35"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51115706-5A47-4ABF-AC19-274FFEC6C055"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0F44C93-7916-49FC-93C5-C215D6C279BF"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2F9C9C5-0196-4B28-BB68-344E6DBE189A"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFCB17E7-B40B-49B9-9353-EE06FC9C08E8"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C917FAC-2489-4B2D-89A6-CF9E47B6983D"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "387ABF04-9630-4016-B627-E35547970637"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8346B11B-55C9-4043-AF27-138CFCC64850"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "031909CF-1F8B-494A-9A0A-E6B88ECD9E2F"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "965AEAF6-AC84-4745-9707-BBB515C80FB7"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "502FFF92-072B-451A-ADA8-5FCA59362C47"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59E72F2E-48C8-410C-BC9D-732F6E22BA27"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DA38E7D-AB43-4384-A78E-820B46093345"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94C62E25-9929-46E0-8712-2D84DB9811ED"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57480EC4-3D0F-4AD6-BC9C-162702C58336"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "492760AF-E6C3-490B-B3E9-F354BAFA9B7E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "788DD7CA-B34B-4036-86BB-80A9361BE4C6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
