In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: eclipse
Published: 2021-02-26T21:55:13
Updated: 2024-08-04T16:11:36.050Z
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27223
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-02-26T22:15:19.317
Modified: 2024-11-21T05:20:53.657
Link: CVE-2020-27223
Redhat