CVE-2018-12545

CVE-2018-12545

Vendor The Eclipse Foundation

Product Eclipse Jetty

Weakness CWE-400

Published March 27, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Key dates

02Disclosure timeline

March 27, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-12545 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/400.html

Related vulnerabilities

Identifiers

CVE CVE-2018-12545

CWE CWE-400

Affected versions

Vendor The Eclipse Foundation

Product Eclipse Jetty

Affected ≥ 9.3.0 and < unspecified

Vendor The Eclipse Foundation

Product Eclipse Jetty

Affected ≥ unspecified and < 9.4.12

01Description

02Disclosure timeline

03References

04Related CVE