10 matches found
Jetty 9.4.27 < 9.4.30 Buffer Overflow
The version of Jetty installed on the remote host when handling too large response headers throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two...
GHSA-X3RH-M7VP-35F2 Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Operation on a Resource after Expiration or Release in Jetty Server
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
Information Disclosure
jetty-server is vulnerable to information disclosure. An HTTP 431 error occurs when large response headers are received, causing the HTTP response headers to be released to ByteBufferPool twice. This results in a double release and memory corruption and causes confidential information to be...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
CVE-2019-17638
The CVE-2019-17638 entry concerns Eclipse Jetty (versions 9.4.27.v20200227 through 9.4.29.v20200521) where a too-large response header scenario leads to a double release of the ByteBuffer in the ByteBufferPool. This can allow two threads to racingly access the same ByteBuffer; as one thread prepa...
CVE-2019-17638
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...