CVE-2020-27223

Summary

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Jetty9.4.6.v20170531 < unspecifiedaffected
The Eclipse FoundationEclipse Jettyunspecified <= 9.4.36.v20210114affected
The Eclipse FoundationEclipse Jetty10.0.0affected
The Eclipse FoundationEclipse Jetty11.0.0affected

Weaknesses

  • CWE-407: CWE-407: Inefficient Algorithmic Complexity

ADP Enrichment

CVE Program Container

Additional References

References