Threat Encyclopedia



This indicates an attack attempt to exploit a Denial of Service Vulnerability in Eclipse Foundation Jetty Web Server
A remote, unauthenticated attacker can exploit this vulnerability by sending a large number of SETTINGS frames to the target server. Successful exploitation results in denial of service conditions on the target server.

affected-products-logoAffected Products

Eclipse Foundation Jetty Web Server 9.3.x prior to 9.3.25.v20180904
Eclipse Foundation Jetty Web Server 9.4.x prior to 9.4.12.v20180830


Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References