Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2019-17638

Published: 09/07/2020 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.4 | Impact Score: 5.5 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Jetty

Vulnerability Summary

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse jetty 9.4.29

eclipse jetty 9.4.28

eclipse jetty 9.4.27

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.4.27 openshift-jenkins-2-container security update
Synopsis Important: OpenShift Container Platform 4427 openshift-jenkins-2-container security update Type/Severity Security Advisory: Important Topic An update for openshift-jenkins-2-container is now available for Red Hat OpenShift Container Platform 44Red Hat Product Security has rated this update as h ...
Red Hat: Important: OpenShift Container Platform 4.5.13 jenkins security update
Synopsis Important: OpenShift Container Platform 4513 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 45Red Hat Product Security has rated this update as having a security impact of Important A Comm ...
Red Hat: Important: OpenShift Container Platform 3.11.306 jenkins security update
Synopsis Important: OpenShift Container Platform 311306 jenkins security update Type/Severity Security Advisory: Important Topic An update for jenkins is now available for Red Hat OpenShift Container Platform 311Red Hat Product Security has rated this update as having a security impact of Important A C ...
Red Hat: Important: Red Hat Fuse 7.8.0 release and security update
Synopsis Important: Red Hat Fuse 780 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 77 to 78) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Produc ...

Mailing Lists

Full Disclosure: Vulnerability in Jenkins
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Vulnerability in Jenkins <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Daniel Beck &lt;ml () beckweb net&gt; D ...

References

CWE-672https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984http://www.openwall.com/lists/oss-security/2020/08/17/1https://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/https://lists.apache.org/thread.html/r4bdd3f7bb6820a79f9416b6667d718a06d269018619a75ce4b759318%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r521168299e023fb075b57afe33d17ff1d09e8a10e0fd8c775ea0e028%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r378e4cdec15e132575aa1dcb6296ffeff2a896745a8991522e266ad4%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/ra8661fc8c69c647cb06153c1485d48484a833d873f75dfe45937e9de%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r81f58591fb4716fb867b36956f30c7c8ad4ab3f23abc952d9d86a2a0%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r9a2cfa56d30782a0c17a5deb951a622d1f5c8de48e1c3b578ffc2a84%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rbe1f230e87ea947593145d0072d0097ddb0af10fee1161db8ca1546c%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r29073905dc9139d0d7a146595694bf57bb9e35e5ec6aa73eb9c8443a%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r7fc5f2ed49641ea91c433e3cd0fc3d31c0278c87b82b15c33b881415%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rd98cfd012490cb02caa1a11aaa0cc38bff2d43bcce9b20c2f01063dd%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:4220
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook