In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-02-26 22:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-27223
Mitre link : CVE-2020-27223
CVE.ORG link : CVE-2020-27223
JSON object : View
Products Affected
netapp
- element_plug-in_for_vcenter_server
- e-series_santricity_web_services
- hci_management_node
- snapmanager
- hci
- management_services_for_element_software
- snapcenter
- e-series_santricity_os_controller
- solidfire
- snap_creator_framework
apache
- spark
- solr
- nifi
eclipse
- jetty
oracle
- rest_data_services
debian
- debian_linux