Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Eclipse Jetty DoS Vulnerability (GHSA-m394-8rww-3jr7) - Linux
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Eclipse Jetty is prone to a denial of service (DoS) vulnerability.
Insight
Insight
When Jetty handles a request containing request headers with a large number of 'quality' (i.e. q) parameters (such as what are seen on the Accept, Accept-Encoding, and Accept-Language request headers), the server may enter a denial of service (DoS) state due to high CPU usage while sorting the list of values based on their quality values. A single request can easily consume minutes of CPU time before it is even dispatched to the application. See the referenced vendor advisory for further information.
Affected Software
Affected Software
Eclipse Jetty versions 9.4.6.v20170531 - 9.4.36.v20210114, 10.0.0 and 11.0.0.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 9.4.37.v20210219, 10.0.1, 11.0.1 or later.