CVE-2021-28165
Description
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
11.827
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server 9.4.39 | Windows |
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server 10.0.2 | Windows |
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server 11.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 10.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Vulnerabilities CVE-2021-28165,CVE-2022-38732 are affected in Netapp Snapcenter 4.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.4 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM MQ 9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.9 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.4 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.0.5.3 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.0 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 7.1.1.2 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.2.7.8 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 23.0.2 | Windows |
| jetty Security Update (ALAS-2025-2871) jetty-util-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-util-ajax-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-webapp-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-api-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-client-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-common-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-parent-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-server-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-xml-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jaspi-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jaas-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-client-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-continuation-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-io-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-http-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-deploy-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-websocket-servlet-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-javadoc-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-annotations-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jmx-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jndi-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jsp-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-maven-plugin-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-monitor-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-start-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-project-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-proxy-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-rewrite-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-ant-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-runner-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-security-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-server-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-servlet-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-servlets-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS-2025-2871) jetty-plus-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server for Linux 9.4.39 | Linux |
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server for Linux 10.0.2 | Linux |
| Vulnerabilities CVE-2021-28165 are fixed in Eclipse-jetty-server for Linux 11.0.2 | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-annotations-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-ant-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-client-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-continuation-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-deploy-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-http-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-io-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jaas-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jaspi-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-javadoc-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jmx-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jndi-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jsp-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-maven-plugin-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-monitor-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-plus-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-project-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-proxy-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-rewrite-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-runner-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-security-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-server-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-servlet-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-servlets-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-start-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-util-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-util-ajax-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-webapp-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-api-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-client-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-common-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-parent-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-server-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-websocket-servlet-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| jetty Security Update (ALAS2-2025-2871) jetty-xml-9.0.3-8.amzn2.0.6.noarch.rpm | Linux |
| Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-28165) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234