CVE-2021-28165

CVSS v3.1 7.5 (High)
CVSS v2.0 7.8 (High)
EPSS 80.24 % (98th)
Affected Products 21
Advisories 6

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

Weaknesses
CWE-400: Uncontrolled Resource Consumption
CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE-755: Improper Handling of Exceptional Conditions

CVE Status: PUBLISHED
CNA: Eclipse Foundation
Published Date: 2021-04-01 15:15:14 (3 years ago)
Updated Date: 2023-11-07 03:32:05 (10 months ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Eclipse Jetty | `cpe:2.3:a:eclipse:jetty` | >= 7.2.2 | < 9.4.39 |
| Eclipse Jetty | `cpe:2.3:a:eclipse:jetty` | >= 10.0.0 | < 10.0.2 |
| Eclipse Jetty | `cpe:2.3:a:eclipse:jetty` | >= 11.0.0 | < 11.0.2 |

Configuration #2

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Oracle Autovue for Agile Product Lifecycle Management 21.0.2 | `cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2` | | |
| Oracle Communications Cloud Native Core Policy 1.14.0 | `cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0` | | |
| Oracle Communications Element Manager 8.2.2 | `cpe:2.3:a:oracle:communications_element_manager:8.2.2` | | |
| Oracle Communications Services Gatekeeper 7.0 | `cpe:2.3:a:oracle:communications_services_gatekeeper:7.0` | | |
| Oracle Communications Session Report Manager | `cpe:2.3:a:oracle:communications_session_report_manager` | >= 8.0.0.0 | <= 8.2.4.0 |
| Oracle Communications Session Route Manager | `cpe:2.3:a:oracle:communications_session_route_manager` | >= 8.0.0.0 | <= 8.2.4.0 |
| Oracle Rest Data Services | `cpe:2.3:a:oracle:rest_data_services` | | < 21.3 |
| Oracle Siebel Core - Automation | `cpe:2.3:a:oracle:siebel_core_-_automation` | | <= 21.9 |

Configuration #3

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Jenkins | `cpe:2.3:a:jenkins:jenkins::*:*:*:lts` | | < 2.277.3 |
| Jenkins | `cpe:2.3:a:jenkins:jenkins` | | < 2.286 |

Configuration #4

| Product | CPE23 | From | Up To |
|---|---|---|---|
| Netapp Cloud Manager | `cpe:2.3:a:netapp:cloud_manager` | | < 3.9.8 |
| Netapp E-series Performance Analyzer | `cpe:2.3:a:netapp:e-series_performance_analyzer` | | < 3.0 |
| Netapp E-series Santricity Os Controller | `cpe:2.3:a:netapp:e-series_santricity_os_controller` | >= 11.0.0 | < 11.70.1 |
| Netapp E-series Santricity Storage for Vcenter | `cpe:2.3:a:netapp:e-series_santricity_storage::*:*:*:*:vcenter` | | < 1.10 |
| Netapp E-series Santricity Web Services for Web Services Proxy | `cpe:2.3:a:netapp:e-series_santricity_web_services::*:*:*:*:web_services_proxy` | | < 5.1 |
| Netapp Ontap Tools for Vmware Vsphere | `cpe:2.3:a:netapp:ontap_tools::*:*:*:*:vmware_vsphere` | | < 9.10 |
| Netapp Santricity Cloud Connector | `cpe:2.3:a:netapp:santricity_cloud_connector:-` | | |
| Netapp Santricity Web Services Proxy | `cpe:2.3:a:netapp:santricity_web_services_proxy` | | < 5.1 |
| Netapp Snapcenter | `cpe:2.3:a:netapp:snapcenter` | | < 4.6 |
| Netapp Storage Replication Adapter for Clustered Data Ontap For Vmware Vsphere | `cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap::*:*:*:*:vmware_vsphere` | | < 9.10 |
| Netapp Vasa Provider for Clustered Data Ontap | `cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap` | | < 9.10 |