CVE-2021-28165

Published Apr 1, 2021

Last updated a year ago

CVSS high 7.5

Overview

Description: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Source: emo@eclipse.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-755
emo@eclipse.org: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A69D5FF1-A151-4AF6-B5E6-35EB45DC1852",
            "versionEndExcluding": "9.4.39",
            "versionStartIncluding": "7.2.2"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3008A0E3-FBFC-49AA-8867-16BD10B125DB",
            "versionEndExcluding": "10.0.2",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8688FE-13CC-4598-913D-50EB38DDCBEC",
            "versionEndExcluding": "11.0.2",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F80CB000-C477-486C-838C-B2FE82647670",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "349C4D65-23E9-446A-8A36-94FF55686812",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E43770-8F83-4077-9EB0-3BF4A19A2E75",
            "versionEndExcluding": "21.3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8",
            "versionEndIncluding": "21.9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E071B1A-A339-4622-9150-59F62B151353",
            "versionEndExcluding": "2.277.3"
          },
          {
            "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB777690-DCA0-4E68-B30E-E997A1281D4E",
            "versionEndExcluding": "2.286"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:cloud_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C30E9A12-5B7B-42F6-B9D3-18DA133E5F4E",
            "versionEndExcluding": "3.9.8"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC05F69D-6C6B-472D-87B7-84231F14CA8B",
            "versionEndExcluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D179365A-1E70-4B07-B882-FD082FE2AA58",
            "versionEndExcluding": "11.70.1",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_storage:*:*:*:*:*:vcenter:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3930F108-9019-4B4A-8918-6CE9F58551D2",
            "versionEndExcluding": "1.10"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCB4EAC3-3114-43DF-89DA-879C7C578FB4",
            "versionEndExcluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:ontap_tools:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28AE83F-D666-4EDC-A276-F78F3A73D716",
            "versionEndExcluding": "9.10"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_web_services_proxy:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A21FA571-8C10-4633-802D-6C20A8290145",
            "versionEndExcluding": "5.1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04A544A2-C80D-488B-AC04-104F9FB3FA85",
            "versionEndExcluding": "4.6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20E0A1CE-7467-4EAC-877D-D6D473AE0AA2",
            "versionEndExcluding": "9.10"
          },
          {
            "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BC51CBC-4973-4145-945C-56035034D772",
            "versionEndExcluding": "9.10"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References