Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-27223
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
算法复杂性
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Jetty 资源管理错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 存在资源管理错误漏洞,该漏洞源于处理这些质量值的CPU使用率过高,服务器可能会进入拒绝服务(DoS)状态,
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
The Eclipse FoundationEclipse Jetty 9.4.6.v20170531 ~ unspecified -
II. Public POCs for CVE-2020-27223
#POC DescriptionSource LinkShenlong Link
1CVE-2020-27223 Vulnerability App & PoChttps://github.com/motikan2010/CVE-2020-27223POC Details
2Nonehttps://github.com/ttestoo/Jetty-CVE-2020-27223POC Details
3Nonehttps://github.com/hshivhare67/Jetty_v9.4.31_CVE-2020-27223_beforepatchPOC Details
4Nonehttps://github.com/hshivhare67/Jetty_v9.4.31_CVE-2020-27223POC Details
5Nonehttps://github.com/Mahesh-970/G3_Jetty.project_CVE-2020-27223POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-27223
Please Login to view more intelligence information
New Vulnerabilities
Product: Eclipse Jetty
Vendor: The Eclipse Foundation
Same weakness: CWE-407
V. Comments for CVE-2020-27223

No comments yet

Leave a comment