VDB
CVE-2018-12545
CVE-2018-12545
REJECTED
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings.
EPSS 3.54% · 87.9th percentile
Risk Scores
EPSS Score
3.54%
87.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | jetty9 | 0, 9.2.22-2, 9.2.22-3 |
Exploit Intelligence
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
Timeline
- Mar 27, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-12545 third-party-advisory
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-12545 third-party-advisory