Lucene search

CVE-2020-27223

🗓️ 26 Feb 2021 22:19:15Reported by eclipseType

cve🔗 web.nvd.nist.gov📰️ 33 Media mentions👁 243 Views🌐 WEB

Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114, 10.0.0, and 11.0.0 may enter a denial of service (DoS) state due to high CPU usage

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 52
Check Point Advisories	Eclipse Jetty Denial Of Service (CVE-2020-27223)	5 Apr 202100:00	–	checkpoint_advisories
IBM Security Bulletins	Security Bulletin: CVE-2020-27223 when Jetty handles a request containing multiple Accept headers the server may enter a denial of service (DoS) state	30 Jul 202105:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)	1 Feb 202321:57	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Eclipse Jetty ( CVE-2021-28163, CVE-2021-28165, CVE-2020-27223)	14 Jul 202118:24	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure Proxy	30 Jul 202105:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities were detected in IBM Secure External Authentication Server	30 Jul 202105:06	–	ibm
IBM Security Bulletins	Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2	7 May 202419:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty	11 Jan 202308:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect the IBM App Connect Enterprise Toolkit and the IBM Integration Bus Toolkit	30 Jun 202309:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities	29 Jun 202123:59	–	ibm

Nvd

Node

eclipse jettyRange9.4.7–9.4.36

eclipse jettyMatch9.4.620170531

eclipse jettyMatch9.4.620180619

eclipse jettyMatch9.4.36-

eclipse jettyMatch9.4.3620210114

eclipse jettyMatch10.0.0-

eclipse jettyMatch11.0.0-

Node

apache nifiMatch1.13.0

apache sparkMatch3.1.1-

Node

netapp e-series_santricity_os_controllerRange11.0.0–11.70.1

netapp e-series_santricity_web_servicesMatch-web_services_proxy

netapp element_plug-in_for_vcenter_serverMatch-

netapp hciMatch-

netapp hci_management_nodeMatch-

netapp management_services_for_element_softwareMatch-

netapp snap_creator_frameworkMatch-

netapp snapcenterMatch-

netapp snapmanagerMatch-oracle

netapp snapmanagerMatch-sap

netapp solidfireMatch-

Node

debian debian_linuxMatch10.0

Node

apache solrMatch8.8.1

Node

oracle rest_data_servicesRange<20.4.3.050.1904-

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "9.4.6.v20170531",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.36.v20210114",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "11.0.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f344191dbb1caabd265ee4%40%3Cnotifications.zookeeper.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuApr2021.html
lists	www.lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe4bc5cb08223254080%40%3Cdev.lucene.apache.org%3E
lists	www.lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f762d21bf1a383d7502%40%3Creviews.spark.apache.org%3E
github	www.github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
lists	www.lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b58cf39a84d6434695%40%3Cnotifications.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9a5f5322fdce116243%40%3Cdev.lucene.apache.org%3E
lists	www.lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5034e16c8317f5668d%40%3Ccommits.zookeeper.apache.org%3E
lists	www.lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72d46f253cb65d03e43%40%3Ccommits.druid.apache.org%3E
lists	www.lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d774a60e797e58cee6f%40%3Cissues.nifi.apache.org%3E

Parameter	Position	Path	Description	CWE
accept_language	header	/path/to/vulnerable/endpoint	Denial of service (DoS) vulnerability due to high CPU usage from processing multiple Accept headers with many quality parameters.	CWE-400, CWE-407

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Feb 2021 22:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS24.3

CVSS35.3

EPSS0.26008