Show plain JSON{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/febc94ffec9275dcda64633e0276a1400cd318e571009e4cda9b7a79@%3Cnotifications.accumulo.apache.org%3E", "name": "[accumulo-notifications] 20190402 [GitHub] [accumulo] milleruntime opened a new pull request #1072: Upgrade jetty to fix CVE", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/70744fe4faba8e2fa7e50a7fc794dd03cb28dad8b21e08ee59bb1606@%3Cdevnull.infra.apache.org%3E", "name": "[infra-devnull] 20190402 [GitHub] [accumulo] milleruntime opened pull request #1072: Upgrade jetty to fix CVE", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/13f5241048ec0bf966a6ddd306feaf40de5b20e1f09096b9cddeddf2@%3Ccommits.accumulo.apache.org%3E", "name": "[accumulo-commits] 20190404 [accumulo] branch master updated: Update jetty to latest (CVE-2018-12545)", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIS4LALKZNLF5X5IGNGRSKERG7FY4QG6/", "name": "FEDORA-2019-d9f867cb65", "tags": ["Mailing List", "Release Notes", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many small SETTINGs frames. The vulnerability is due to the additional CPU and memory allocations required to handle changed settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-770"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-12545", "ASSIGNER": "security@eclipse.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2019-03-27T20:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-10-23T18:18Z"}