Eclipse Jetty CVE-2018-12545 in Eclipse and Fedora Project Products
Published on March 27, 2019

In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.


Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2018-12545 has been classified as a Resource Exhaustion vulnerability or weakness.



Affected Versions

The Eclipse Foundation Eclipse Jetty:

Exploit Probability

EPSS: 3.03%
Percentile: 86.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.