CVE-2022-2048
07.07.2022, 21:15
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.Enginsight
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 𝑥 < 9.4.47 |
| eclipse | jetty | 10.0.0 ≤ 𝑥 < 10.0.9 |
| eclipse | jetty | 11.0.0 ≤ 𝑥 < 11.0.9 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 11.0 |
| netapp | element_plug-in_for_vcenter_server | - |
| netapp | management_services_for_element_software_and_netapp_hci | - |
| netapp | snapcenter | - |
| netapp | solidfire_\&_hci_storage_node | - |
| netapp | hci_compute_node | - |
| jenkins | jenkins | 𝑥 < 2.263 |
| jenkins | jenkins | 𝑥 < 2.361.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| jetty |
| ||||||||||||||||||||
| jetty8 |
| ||||||||||||||||||||
| jetty9 |
|
Common Weakness Enumeration
References