Test Kennung:	1.3.6.1.4.1.25623.1.0.104980
Kategorie:	Web Servers
Titel:	Eclipse Jetty HTTP/2 HPACK DoS Vulnerability (GHSA-wgh7-54f2-x98r) - Windows
Zusammenfassung:	Eclipse Jetty is prone to a denial of service (DoS); vulnerability.
Beschreibung:	Summary: Eclipse Jetty is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: An integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. Vulnerability Impact: Users of HTTP/2 can be impacted by a remote denial of service attack. Affected Software/OS: Eclipse Jetty version 9.3.0 through 9.4.52, 10.0.0 through 10.0.15 and 11.0.0 through 11.0.15. Solution: Update to version 9.4.53, 10.0.16, 11.0.16 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-36478 Debian Security Information: DSA-5540 (Google Search) https://www.debian.org/security/2023/dsa-5540 https://github.com/eclipse/jetty.project/pull/9634 https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009 https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html http://www.openwall.com/lists/oss-security/2023/10/18/4
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.