QID 982247

QID 982247: Java (maven) Security Update for org.eclipse.jetty:jetty-server (GHSA-x3rh-m7vp-35f2)

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with response2 data. Thread1 then proceeds to write the buffer that now contains response2 data. This results in client1, which issued request1 and expects responses, to see response2 which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.).

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

  • CVSS V3 rated as Critical - 9.4 severity.
  • CVSS V2 rated as High - 7.5 severity.
    • Solution
    Customers are advised to refer to GHSA-x3rh-m7vp-35f2 for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 982247

    CVE-2019-17638 |
    Software Advisories
    Advisory ID Software Component Link
    GHSA-x3rh-m7vp-35f2 org.eclipse.jetty:jetty-server URL Logo github.com/advisories/GHSA-x3rh-m7vp-35f2
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].