In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jetty | Eclipse | 9.4.7 (including) | 9.4.36 (excluding) |
| Jetty | Eclipse | 9.4.6-20170531 (including) | 9.4.6-20170531 (including) |
| Jetty | Eclipse | 9.4.6-20180619 (including) | 9.4.6-20180619 (including) |
| Jetty | Eclipse | 9.4.36 (including) | 9.4.36 (including) |
| Jetty | Eclipse | 9.4.36-20210114 (including) | 9.4.36-20210114 (including) |
| Jetty | Eclipse | 10.0.0 (including) | 10.0.0 (including) |
| Jetty | Eclipse | 11.0.0 (including) | 11.0.0 (including) |
| Red Hat AMQ 7.8.2 | RedHat | jetty | * |
| Red Hat AMQ 7.9.0 | RedHat | * | |
| Red Hat Fuse 7.10 | RedHat | jetty | * |
| Red Hat Integration Camel Quarkus 2 | RedHat | * | |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-controller-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-operator-bundle:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-registry-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-migration-velero-rhel8:v1.4.6-5 | * |
| Red Hat Migration Toolkit for Containers 1.4 | RedHat | rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4 | * |
| Red Hat OpenShift Container Platform 3.11 | RedHat | jenkins-0:2.289.1.1624365627-1.el7 | * |
| Red Hat OpenShift Container Platform 4.5 | RedHat | jenkins-0:2.277.3.1623846768-1.el7 | * |
| Red Hat OpenShift Container Platform 4.6 | RedHat | jenkins-0:2.277.3.1623853726-1.el8 | * |
| RHAF Camel-K 1.8 | RedHat | jetty | * |
| Jetty9 | Ubuntu | bionic | * |
| Jetty9 | Ubuntu | focal | * |
| Jetty9 | Ubuntu | groovy | * |
| Jetty9 | Ubuntu | hirsute | * |
| Jetty9 | Ubuntu | impish | * |
| Jetty9 | Ubuntu | kinetic | * |
| Jetty9 | Ubuntu | trusty | * |
| Jetty9 | Ubuntu | upstream | * |
| Jetty9 | Ubuntu | xenial | * |