In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or “zeroize” the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jetty | Eclipse | 9.4.0 (including) | 9.4.35 (excluding) |
| Jetty | Eclipse | 10.0.0-alpha0 (including) | 10.0.0-alpha0 (including) |
| Jetty | Eclipse | 10.0.0-alpha1 (including) | 10.0.0-alpha1 (including) |
| Jetty | Eclipse | 10.0.0-beta0 (including) | 10.0.0-beta0 (including) |
| Jetty | Eclipse | 10.0.0-beta1 (including) | 10.0.0-beta1 (including) |
| Jetty | Eclipse | 10.0.0-beta2 (including) | 10.0.0-beta2 (including) |
| Jetty | Eclipse | 11.0.0-alpha0 (including) | 11.0.0-alpha0 (including) |
| Jetty | Eclipse | 11.0.0-beta1 (including) | 11.0.0-beta1 (including) |
| Jetty | Eclipse | 11.0.0-beta2 (including) | 11.0.0-beta2 (including) |
| Red Hat AMQ 7.8.1 | RedHat | jetty | * |
| Red Hat AMQ LTS 7.4.6 | RedHat | jetty | * |
| Red Hat Fuse 7.10 | RedHat | jetty | * |
| Red Hat Integration Camel Quarkus 2 | RedHat | jetty | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-controller-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-operator-bundle:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-registry-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-rhel8:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.289.1.1624365627-1.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | jenkins-0:2.277.3.1623846768-1.el7 | * |
| Red Hat OpenShift Container Platform 4.6 | RedHat | jenkins-0:2.277.3.1623853726-1.el8 | * |
| RHINT Camel-K 1.6.4 | RedHat | jetty | * |
| Eclipse | Ubuntu | bionic | * |
| Eclipse | Ubuntu | trusty | * |
| Eclipse | Ubuntu | xenial | * |
| Jetty | Ubuntu | trusty | * |
| Jetty | Ubuntu | trusty/esm | * |
| Jetty | Ubuntu | xenial | * |
When resources are released, they can be made available for reuse. For example, after memory is de-allocated, an operating system may make the memory available to another process, or disk space may be reallocated when a file is deleted. As removing information requires time and additional resources, operating systems do not usually clear the previously written information. Even when the resource is reused by the same process, this weakness can arise when new data is not as large as the old data, which leaves portions of the old data still available. Equivalent errors can occur in other situations where the length of data is variable but the associated data structure is not. If memory is not cleared after use, the information may be read by less trustworthy parties when the memory is reallocated. This weakness can apply in hardware, such as when a device or system switches between power, sleep, or debug states during normal operation, or when execution changes to different users or privilege levels.