In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HEclipse Jetty
APPEclipse7.2.2 – 9.4.39 (bez)10.0.0 – 10.0.2 (bez)11.0.0 – 11.0.2 (bez)Jenkins
APPJenkins< 2.286< 2.277.3Netapp Cloud Manager
APPNetapp< 3.9.8Netapp E Series Performance Analyzer
APPNetapp< 3.0Netapp E Series Santricity Os Controller
APPNetapp11.0.0 – 11.70.1 (bez)Netapp E Series Santricity Storage
APPNetapp< 1.10Netapp E Series Santricity Web Services
APPNetapp< 5.1Netapp Ontap Tools
APPNetapp< 9.10Netapp Santricity Cloud Connector
APPNetappwszystkie wersjeNetapp Santricity Web Services Proxy
APPNetapp< 5.1Netapp Snapcenter
APPNetapp< 4.6Netapp Storage Replication Adapter For Clustered Data Ontap
APPNetapp< 9.10Netapp Vasa Provider For Clustered Data Ontap
APPNetapp< 9.10Oracle Autovue For Agile Product Lifecycle Management
APPOracle21.0.2Oracle Communications Cloud Native Core Policy
APPOracle1.14.0Oracle Communications Element Manager
APPOracle8.2.2Oracle Communications Services Gatekeeper
APPOracle7.0Oracle Communications Session Report Manager
APPOracle8.0.0.0 – 8.2.4.0Oracle Communications Session Route Manager
APPOracle8.0.0.0 – 8.2.4.0Oracle Rest Data Services
APPOracle< 21.3Oracle Siebel Core Automation
APPOracle≤ 21.9
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Referencje
Powiązane podatności
CVE-2024-23897CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Jenkins CLI – odczyt dowolnych plików przez path traversal bez uwierzytelnienia
CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2020-1938CRITICAL9.8⚠ KEVten sam produkt
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...