CVE-2020-27223

Description:
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage while processing those quality values, with minutes of CPU time exhausted on that processing.

CWE: CWE-400

CVSS score
CVSS 2: MEDIUM – 4.3 (Version: 2.0)
CVSS 3: MEDIUM – 5.3 (Version: 3.1)

Links:

NVD – CVE-2020-27223
CVE – CVE-2020-27223

Link (max. 20) Source Tags
https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128 CONFIRM Vendor Advisory Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7 CONFIRM Third Party Advisory Third Party Advisory
[karaf-user] 20210301 Re: Jetty security defect MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-dev] 20210302 [jira] [Created] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr opened a new pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[druid-commits] 20210302 [GitHub] [druid] a2l007 opened a new pull request #10937: Upgrade jetty to latest version MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] ableegoldman commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] omkreddy closed pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-dev] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.8 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.6 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-jira] 20210302 [jira] [Resolved] (KAFKA-12400) Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
[kafka-commits] 20210302 [kafka] branch 2.7 updated: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223 MLIST Mailing List Third Party Advisory
https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d6accd23f5295b6dd1@%3Cdev.kafka.apache.org%3E MISC Mailing List Third Party Advisory
https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c47a1202f7d70291614@%3Cdev.kafka.apache.org%3E MISC Mailing List Third Party Advisory
[activemq-gitbox] 20210303 [GitHub] [activemq] ehossack-aws opened a new pull request #616: Upgrade to Jetty 9.4.38.v20210224 MLIST Mailing List Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg commented on pull request #1623: ZOOKEEPER-4233: dependency-check:check failing – Jetty 9.4.35.v20201120 – CVE-2020-27223 MLIST Mailing List Third Party Advisory
[zookeeper-notifications] 20210307 [GitHub] [zookeeper] ztzg opened a new pull request #1624: ZOOKEEPER-4233: dependency-check:check failing – Jetty 9.4.35.v20201120 – CVE-2020-27223 MLIST Mailing List Third Party Advisory

Source: NVD – CVE-2020-27223
Published: 2021-02-26T22:15Z, last modified: 2021-05-07T16:15Z