Lucene search

Veracode Vulnerability DatabaseVERACODE:7108

HistoryJul 19, 2018 - 8:32 a.m.

Request Smuggling

2018-07-1908:32:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

jetty is vulnerable to request smuggling. An integer overflow in the chunk length parsing causes a large chunk size to be interpreted as a smaller chunk size. As a result, the content in the chunk body is interpreted as a pipelined request which can be exploited by an attacker to bypass authorization.

CPENameOperatorVersion
jetty :: http utilityle9.4.10.v20180503
jetty :: http utilityle9.2.24.v20180105
jetty :: http utilityle9.3.23.v20180228
jetty :: asynchronous http clientle9.4.10.v20180503
jetty :: server corele9.4.10.v20180503
jetty :: http utilityle9.4.10.v20180503
jetty :: http utilityle9.2.24.v20180105
jetty :: http utilityle9.3.23.v20180228
jetty :: asynchronous http clientle9.4.10.v20180503
jetty :: server corele9.4.10.v20180503

Name	Operator	Version
jetty :: http utility	le	9.4.10.v20180503
jetty :: http utility	le	9.2.24.v20180105
jetty :: http utility	le	9.3.23.v20180228
jetty :: asynchronous http client	le	9.4.10.v20180503
jetty :: server core	le	9.4.10.v20180503
jetty :: http utility	le	9.4.10.v20180503
jetty :: http utility	le	9.2.24.v20180105
jetty :: http utility	le	9.3.23.v20180228
jetty :: asynchronous http client	le	9.4.10.v20180503
jetty :: server core	le	9.4.10.v20180503

References

www.securitytracker.com/id/1041194

access.redhat.com/errata/RHSA-2019:0910

bugs.eclipse.org/bugs/show_bug.cgi?id=535668

github.com/eclipse/jetty.project/blob/42e939000d217dfa0049bfc299c02913f1cd21c7/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc

github.com/eclipse/jetty.project/commit/be8ff431a4b9b2e51c4c847512dfbc70166b8089

lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/r41af10c4adec8d34a969abeb07fd0d6ad0c86768b751464f1cdd23e8@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/r9159c9e7ec9eac1613da2dbaddbc15691a13d4dbb2c8be974f42e6ae@%3Ccommits.druid.apache.org%3E

lists.apache.org/thread.html/ra6f956ed4ec2855583b2d0c8b4802b450f593d37b77509b48cd5d574@%3Ccommits.druid.apache.org%3E

security.netapp.com/advisory/ntap-20181014-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us

www.debian.org/security/2018/dsa-4278

www.oracle.com/security-alerts/cpuoct2020.html