GHSA-qxp4-27vx-xmm3

Source

https://github.com/advisories/GHSA-qxp4-27vx-xmm3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qxp4-27vx-xmm3/GHSA-qxp4-27vx-xmm3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qxp4-27vx-xmm3

Aliases

CVE-2011-4461

Published

2022-05-14T01:27:35Z

Modified

2024-04-19T19:16:17.732170Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Improper Input Validation in Jetty

Details

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Database specific

{
    "nvd_published_at": "2011-12-30T01:55:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-13T18:07:02Z"
}

References

Affected packages

Maven / org.eclipse.jetty:jetty-server

Package

Name: org.eclipse.jetty:jetty-server; View open source insights on deps.dev
Purl: pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.0.RC4

Affected versions

7.*

7.0.0.M0

7.0.0.M1

7.0.0.M2

7.0.0.M3

7.0.0.M4

7.0.0.RC0

7.0.0.RC1

7.0.0.RC2

7.0.0.RC3

7.0.0.RC4

7.0.0.RC5

7.0.0.RC6

7.0.0.v20091005

7.0.1.v20091125

7.0.2.RC0

7.0.2.v20100331

7.1.0.RC0

7.1.0.RC1

7.1.0.v20100505

7.1.1.v20100517

7.1.2.v20100523

7.1.3.v20100526

7.1.4.v20100610

7.1.5.v20100705

7.1.6.v20100715

7.2.0.RC0

7.2.0.v20101020

7.2.1.v20101111

7.2.2.v20101205

7.3.0.v20110203

7.3.1.v20110307

7.4.0.RC0

7.4.0.v20110414

7.4.1.v20110513

7.4.2.v20110526

7.4.3.v20110701

7.4.4.v20110707

7.4.5.v20110725

7.5.0.RC0

7.5.0.RC1

7.5.0.RC2

7.5.0.v20110901

7.5.1.v20110908

7.5.2.v20111006

7.5.3.v20111011

7.5.4.v20111024

7.6.0.RC0

7.6.0.RC1

7.6.0.RC2

7.6.0.RC3

7.6.0.RC4

7.6.0.RC5

7.6.0.v20120127

7.6.1.v20120215

7.6.2.v20120308

7.6.3.v20120416

7.6.4.v20120524

7.6.5.v20120716

7.6.6.v20120903

7.6.7.v20120910

7.6.8.v20121106

7.6.9.v20130131

7.6.10.v20130312

7.6.11.v20130520

7.6.12.v20130726

7.6.13.v20130916

7.6.14.v20131031

7.6.15.v20140411

7.6.16.v20140903

7.6.17.v20150415

7.6.18.v20150929

7.6.19.v20160209

7.6.20.v20160902

7.6.21.v20160908

8.*

8.0.0.M0

8.0.0.M1

8.0.0.M2

8.0.0.M3

8.0.0.RC0

8.0.0.v20110901

8.0.1.v20110908

8.0.2.v20111006

8.0.3.v20111011

8.0.4.v20111024

8.1.0.RC0

8.1.0.RC1

8.1.0.RC2

Database specific

{
    "last_known_affected_version_range": "<= 8.1.0.RC2"
}