CVE-2021-28165

Beschreibung:
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

CWE: CWE-400

CVSS-Bewertung
CVSS 2: HIGH – 7.8 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)

Links:

NVD – CVE-2021-28165
CVE – CVE-2021-28165

Link (max. 20) Quelle Tags
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w CONFIRM Exploit Third Party Advisory Third Party Advisory Vendor Advisory
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST Vendor Advisory Third Party Advisory Vendor Advisory
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST Third Party Advisory VDB Entry
[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing – jetty-server-9.4.39 CVE-2021-28165 MLIST Vendor Advisory
[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing – jetty-server-9.4.39 CVE-2021-28165 MLIST Vendor Advisory Third Party Advisory
[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing – jetty-server-9.4.39 CVE-2021-28165 MLIST Vendor Advisory
[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing – jetty-server-9.4.39 CVE-2021-28165 MLIST Mailing List Third Party Advisory
[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing – jetty-server-9.4.38 CVE-2021-28165 MLIST
[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST
[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165 MLIST

Quelle: NVD – CVE-2021-28165
Datum Veröffentlichung: 2021-04-01T15:15Z, Datum letzte Änderung: 2021-05-07T16:15Z