VDB

CVE-2020-27223

CVE-2020-27223 PUBLISHED CVSS 8.699999809265137 HIGH

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

EPSS 33.82% · 97.0th percentile

Risk Scores

CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
33.82%
97.0th percentile

Affected Products

VendorProductVersions
Bitnaminifi1.13.0, 1.13.0, 1.13.0
AWSecs
Bitnaminifi1.13.0
Bitnamispark3.1.1
Bitnamispark3.1.1, 3.1.1, 3.1.1
Bitnamisolr8.8.1, 8.8.1, 8.8.1
Bitnamisolr8.8.1

Timeline

  • Feb 26, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 28, 2021 PoC Published
  • Dec 11, 2021 PoC Published
  • Dec 13, 2021 PoC Published
  • Dec 18, 2021 PoC Published
  • Apr 7, 2022 PoC Published
  • Apr 22, 2022 PoC Published
  • Jun 7, 2022 PoC Published
  • Sep 16, 2022 PoC Published
  • Mar 7, 2023 EPSS Score
  • Oct 5, 2023 PoC Published

References

…and 48 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›