Candidate: CVE-2018-12545
PublicDate: 2019-03-27 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12545
 https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096
Description:
 In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to
 Denial of Service conditions if a remote client sends either large SETTINGs
 frames container containing many settings, or many small SETTINGs frames.
 The vulnerability is due to the additional CPU and memory allocations
 required to handle changed settings.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_jetty8:
upstream_jetty8: not-affected (code not present)
precise/esm_jetty8: DNE
trusty_jetty8: ignored (out of standard support)
trusty/esm_jetty8: not-affected (code not present)
xenial_jetty8: not-affected (code not present)
bionic_jetty8: DNE
eoan_jetty8: DNE
focal_jetty8: DNE
devel_jetty8: DNE

Patches_jetty9:
upstream_jetty9: released (9.4.21-deb9u1, 9.4.12.v20180830)
precise/esm_jetty9: DNE
trusty_jetty9: DNE
trusty/esm_jetty9: DNE
xenial_jetty9: not-affected (code not present)
artful_jetty9: DNE
bionic_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)
cosmic_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)
disco_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)
eoan_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)
focal_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)
devel_jetty9: not-affected (9.4.15-1~18.04.1ubuntu1)