Description

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

Remediation

References

CVE-2020-27223

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2019-9022)

WordPress Plugin WP Symposium Arbitrary File Upload (14.11)

Oracle Application Server CVE-2006-5364 Vulnerability (CVE-2006-5364)

WordPress Plugin Gravity Forms SQL Injection (1.9.3.5)

WordPress Plugin ZeenShare Cross-Site Scripting (1.0.1)

Severity

High

Classification

CVE-2020-27223 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Tags

Missing Update Known Vulnerabilities