CVE-2021-28165

Exploit

EPSS 13.15%
Published 01.04.2021 15:15:14
Last modified 27.08.2025 21:15:37
Source emo@eclipse.org
Teams watchlist Login
Open Login

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

Affected products Warnungen 0 Metrics 5 CWE 3 References 110

Data is provided by the National Vulnerability Database (NVD)

Eclipse ≫ Jetty Version >= 7.2.2 < 9.4.39

Eclipse ≫ Jetty Version >= 10.0.0 < 10.0.2

Eclipse ≫ Jetty Version >= 11.0.0 < 11.0.2

Oracle ≫ Autovue For Agile Product Lifecycle Management Version21.0.2

Oracle ≫ Communications Cloud Native Core Policy Version1.14.0

Oracle ≫ Communications Element Manager Version8.2.2

Oracle ≫ Communications Services Gatekeeper Version7.0

Oracle ≫ Communications Session Report Manager Version >= 8.0.0.0 <= 8.2.4.0

Oracle ≫ Communications Session Route Manager Version >= 8.0.0.0 <= 8.2.4.0

Oracle ≫ Rest Data Services Version < 21.3

Oracle ≫ Siebel Core - Automation Version <= 21.9

Jenkins ≫ Jenkins SwEditionlts Version < 2.277.3

Jenkins ≫ Jenkins Version < 2.286

Netapp ≫ Cloud Manager Version < 3.9.8

Netapp ≫ E-series Performance Analyzer Version < 3.0

Netapp ≫ E-series Santricity Os Controller Version >= 11.0.0 < 11.70.1

Netapp ≫ E-series Santricity Storage SwPlatformvcenter Version < 1.10

Netapp ≫ E-series Santricity Web Services SwPlatformweb_services_proxy Version < 5.1

Netapp ≫ Ontap Tools SwPlatformvmware_vsphere Version < 9.10

Netapp ≫ Santricity Cloud Connector Version-

Netapp ≫ Santricity Web Services Proxy Version < 5.1

Netapp ≫ Snapcenter Version < 4.6

Netapp ≫ Storage Replication Adapter For Clustered Data Ontap SwPlatformvmware_vsphere Version < 9.10

Netapp ≫ Vasa Provider For Clustered Data Ontap Version < 9.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.15%	0.939

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.

CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

https://www.oracle.com/security-alerts/cpuapr2022.html

Third Party Advisory

Not Applicable

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html