CVE-2018-12545 Vulnerability Details

  /     /     /  

CVE-2018-12545 Metadata Quick Info

CVE Published: 27/03/2019 | CVE Updated: 05/08/2024 | CVE Year: 2018
Source: eclipse | Vendor: The Eclipse Foundation | Product: Eclipse Jetty
Status : PUBLISHED

---

CVE-2018-12545 Description

In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-400
CWE Name: CWE-400: Uncontrolled Resource Consumption
Source: The Eclipse Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).