CVE-2020-27223
Description
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0, when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage, with minutes of CPU time exhausted processing those quality values.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
33.816
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server 9.4.37 | Windows |
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server 10.0.1 | Windows |
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server 11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.4.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.4 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.9 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.4 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.2 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.8 | Windows |
| jetty9 security update(DSA-4949-1) jetty9_9.4.16-0+deb10u1_all.deb | Linux |
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server for Linux 9.4.37 | Linux |
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server for Linux 10.0.1 | Linux |
| Vulnerabilities CVE-2020-27223 are fixed in Eclipse-jetty-server for Linux 11.0.1 | Linux |
| Uncontrolled Resource Consumption Vulnerability (CVE-2020-27223) | NCM |
Patch Details
No records found