In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to denial-of-service conditions if a remote client sends either large HTTP/2 SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU work and memory allocations the server must perform to handle each changed setting.
{
"versions": [
{
"introduced": "0"
},
{
"last_affected": "9.3.0-20150601"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-20150608"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-20150612"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-maintenance0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-maintenance1"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-maintenance2"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.0-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.1-20150714"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.2-20150730"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.3-20150825"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.3-20150827"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.4-20151005"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.4-20151007"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.4-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.4-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.5-20151012"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.6-20151106"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.7-20160115"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.7-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.7-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.8-20160311"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.8-20160314"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.8-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.9-20160517"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.9-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.9-maintenance_1"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.10-20160621"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.10-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.11-20160721"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.11-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.12-20160915"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.13-20161014"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.13-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.14-20161028"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.15-20161220"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.16-20170119"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.16-20170120"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.17-20170317"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.17-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.18-20170406"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.19-20170502"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.20-20170531"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.21-20170918"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.21-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.21-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.22-20171030"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.23-20180228"
},
{
"introduced": "0"
},
{
"last_affected": "9.3.24-20180605"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-20161207"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-20161208"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-maintenance_0"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-maintenance_1"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-rc2"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.0-rc3"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.1-20170120"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.1-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.2-20170220"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.2-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.3-20170317"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.3-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.4-20170410"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.4-20170414"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.4-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.5-20170502"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.5-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.6-20170531"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.6-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.7-20170914"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.7-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.7-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.8-20171121"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.8-20180619"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.9-20180320"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.10-20180503"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.10-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.10-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.11-20180605"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.12-rc0"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.12-rc1"
},
{
"introduced": "0"
},
{
"last_affected": "9.4.12-rc2"
}
]
}