Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jetty Uncontrolled Resource Consumption Vulnerability - CVE-2020-27223 - Vulnerability Database
Jetty

Jetty Uncontrolled Resource Consumption Vulnerability - CVE-2020-27223

High
Reference: CVE-2020-27223
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27223
Title: Jetty Uncontrolled Resource Consumption Vulnerability
Overview:

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive) 10.0.0 and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values resulting in minutes of CPU time exhausted processing those quality values.