Threat Encyclopedia

Eclipse.Jetty.HTTP2.SETTINGS.Frames.DoS

description-logoDescription

This indicates an attack attempt to exploit a Denial of Service Vulnerability in Eclipse Foundation Jetty Web Server
A remote, unauthenticated attacker can exploit this vulnerability by sending a large number of SETTINGS frames to the target server. Successful exploitation results in denial of service conditions on the target server.

affected-products-logoAffected Products

Eclipse Foundation Jetty Web Server 9.3.x prior to 9.3.25.v20180904
Eclipse Foundation Jetty Web Server 9.4.x prior to 9.4.12.v20180830

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://bugs.eclipse.org/bugs/show_activity.cgi?id=538096

CVE References

CVE-2018-12545