CVE-2018-12545

Source
https://cve.org/CVERecord?id=CVE-2018-12545
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12545.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-12545
Aliases
Downstream
Published
2019-03-27T20:29:03.630Z
Modified
2026-04-10T04:04:54.825048Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

In Eclipse Jetty versions 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGS frames containing many settings, or many small SETTINGS frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

References

Affected packages

Git / github.com/eclipse/jetty.project

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/jetty.project
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-20150601"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-20150608"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-20150612"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-maintenance0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-maintenance1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-maintenance2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.1-20150714"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.2-20150730"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.3-20150825"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.3-20150827"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.4-20151005"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.4-20151007"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.4-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.4-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.5-20151012"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.6-20151106"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.7-20160115"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.7-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.7-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.8-20160311"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.8-20160314"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.8-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.9-20160517"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.9-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.9-maintenance_1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.10-20160621"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.10-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.11-20160721"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.11-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.12-20160915"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.13-20161014"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.13-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.14-20161028"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.15-20161220"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.16-20170119"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.16-20170120"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.17-20170317"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.17-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.18-20170406"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.19-20170502"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.20-20170531"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.21-20170918"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.21-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.21-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.22-20171030"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.23-20180228"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.24-20180605"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-20161207"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-20161208"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-maintenance_0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-maintenance_1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-rc2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.1-20170120"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.1-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.2-20170220"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.2-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.3-20170317"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.3-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.4-20170410"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.4-20170414"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.4-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.5-20170502"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.5-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.6-20170531"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.6-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.7-20170914"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.7-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.7-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.8-20171121"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.8-20180619"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.9-20180320"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.10-20180503"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.10-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.10-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.11-20180605"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.12-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.12-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.4.12-rc2"
        }
    ]
}

Affected versions

jetty-8.*
jetty-8.0.0.RC0
jetty-8.1.0.RC0
jetty-9.*
jetty-9.1.0.M0
jetty-9.1.0.RC0
jetty-9.1.0.RC1
jetty-9.1.0.RC2
jetty-9.1.0.v20131115
jetty-9.1.1.v20140108
jetty-9.1.2.v20140210
jetty-9.1.3.v20140225
jetty-9.1.4.v20140401
jetty-9.2.0.M0
jetty-9.2.0.M1
jetty-9.2.0.RC0
jetty-9.2.0.v20140523
jetty-9.2.0.v20140526
jetty-9.2.1.v20140609
jetty-9.3.0.M0
jetty-9.3.0.M1
jetty-9.3.0.M2
jetty-9.3.0.RC0
jetty-9.3.0.RC1
jetty-9.3.0.v20150601
jetty-9.3.0.v20150608
jetty-9.3.0.v20150612
jetty-9.3.1.v20150714
jetty-9.3.10.M0
jetty-9.3.10.v20160621
jetty-9.3.11.M0
jetty-9.3.11.v20160721
jetty-9.3.12.v20160915
jetty-9.3.13.M0
jetty-9.3.13.v20161014
jetty-9.3.14.v20161028
jetty-9.3.15.v20161220
jetty-9.3.16.v20170119
jetty-9.3.16.v20170120
jetty-9.3.17.RC0
jetty-9.3.17.v20170317
jetty-9.3.18.v20170406
jetty-9.3.19.v20170502
jetty-9.3.2.v20150730
jetty-9.3.20.v20170531
jetty-9.3.21.M0
jetty-9.3.21.RC0
jetty-9.3.21.v20170918
jetty-9.3.22.v20171030
jetty-9.3.23.v20180228
jetty-9.3.24.v20180605
jetty-9.3.3.v20150825
jetty-9.3.3.v20150827
jetty-9.3.4.RC0
jetty-9.3.4.RC1
jetty-9.3.4.v20151005
jetty-9.3.4.v20151007
jetty-9.3.5.v20151012
jetty-9.3.6.v20151106
jetty-9.3.7.RC0
jetty-9.3.7.RC1
jetty-9.3.7.v20160115
jetty-9.3.8.RC0
jetty-9.3.8.v20160311
jetty-9.3.8.v20160314
jetty-9.3.9.M0
jetty-9.3.9.M1
jetty-9.3.9.v20160517
jetty-9.4.0.M0
jetty-9.4.0.M1
jetty-9.4.0.RC0
jetty-9.4.0.RC1
jetty-9.4.0.RC2
jetty-9.4.0.RC3
jetty-9.4.0.v20161207
jetty-9.4.0.v20161208
jetty-9.4.0.v20180619
jetty-9.4.1.v20170120
jetty-9.4.1.v20180619
jetty-9.4.10.RC0
jetty-9.4.10.RC1
jetty-9.4.10.v20180503
jetty-9.4.11.v20180605
jetty-9.4.12.RC0
jetty-9.4.12.RC1
jetty-9.4.12.RC2
jetty-9.4.2.v20170220
jetty-9.4.2.v20180619
jetty-9.4.3.v20170317
jetty-9.4.3.v20180619
jetty-9.4.4.v20170410
jetty-9.4.4.v20170414
jetty-9.4.4.v20180619
jetty-9.4.5.v20170502
jetty-9.4.5.v20180619
jetty-9.4.6.v20170531
jetty-9.4.6.v20180619
jetty-9.4.7.RC0
jetty-9.4.7.v20170914
jetty-9.4.7.v20180619
jetty-9.4.8.v20171121
jetty-9.4.8.v20180619
jetty-9.4.9.v20180320

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12545.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "28"
            }
        ]
    }
]