2 matches found
A remote attacker can supply specially crafted transfer-encoding chunks to Eclipse Jetty that may bypass the authorization checks of an intermediary caching proxy.
In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...
PT-2010-1834 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.23
Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, via specific chunks, including (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length...