CVE编号
CVE-2020-27223利用情况
暂无补丁情况
官方补丁披露时间
2021-02-27漏洞描述
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.4.6.v20170531至9.4.36.v20210114 (inclusive)版本、10.0.0和11.0.0版本存在拒绝服务漏洞。该漏洞源于处理某些质量值时CPU使用率过高。攻击者可利用该漏洞导致拒绝服务(DoS)。受影响系统: Eclipse Jetty 9.4.6.v20170531<= Version <=9. Eclipse Jetty 11.0.0 Eclipse Jetty 10.0.0
解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
参考链接 |
|
|---|---|
| https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128 | |
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7 | |
| https://lists.apache.org/thread.html/r068dfd35ce2193f6af28b74ff29ab148c2b2cac... | |
| https://lists.apache.org/thread.html/r07aedcb1ece62969c406cb84c8f0e22cec7e42c... | |
| https://lists.apache.org/thread.html/r0b639bd9bfaea265022125d18acd2fc6456044b... | |
| https://lists.apache.org/thread.html/r0c6eced465950743f3041b03767a32b2e98d197... | |
| https://lists.apache.org/thread.html/r0cdab13815fc419805a332278c8d27e354e7856... | |
| https://lists.apache.org/thread.html/r0e25cdf3722a24c53049d37396f0da8502cb4b7... | |
| https://lists.apache.org/thread.html/r105f4e52feb051faeb9141ef78f909aaf5129d6... | |
| https://lists.apache.org/thread.html/r1414ab2b3f4bb4c0e736caff6dc8d15f93f6264... | |
| https://lists.apache.org/thread.html/r1b7ed296a865e3f1337a96ee9cd51f6d154d881... | |
| https://lists.apache.org/thread.html/r1b803e6ebdac5f670708878fb1b27cd7a0ce9d7... | |
| https://lists.apache.org/thread.html/r26d9196f4d2afb9bec2784bcb6fc183aca82e41... | |
| https://lists.apache.org/thread.html/r27ad7843d060762cc942820566eeaa9639f7537... | |
| https://lists.apache.org/thread.html/r2c2c7b2971360fb946bbf062c58d7245927dd1c... | |
| https://lists.apache.org/thread.html/r2c947376491a20d1cf143bf3c21ed74113e099d... | |
| https://lists.apache.org/thread.html/r35ab810c0f3016b3fd3a3fa9088a2d2781b354a... | |
| https://lists.apache.org/thread.html/r3ce0e31b25ad4ee8f7c42b62cfdc72d1b586f5d... | |
| https://lists.apache.org/thread.html/r409ee2bae66bfff6aa89e6c74aff535e6248260... | |
| https://lists.apache.org/thread.html/r463b12b27264c5e1e3c48c8c2cc5d33813d2f0d... | |
| https://lists.apache.org/thread.html/r492cff8488a7f6eb96700afb5d137b719ddb80a... | |
| https://lists.apache.org/thread.html/r4a456d89a83752a012d88a60ff4b21def6c9f65... | |
| https://lists.apache.org/thread.html/r4c92ea39167c0f7b096ae8268db496b5451d696... | |
| https://lists.apache.org/thread.html/r51f8975ef47c12a46fbfd7da9efea7f08e1d307... | |
| https://lists.apache.org/thread.html/r521a077885ce79c44a799118c878589e81e525c... | |
| https://lists.apache.org/thread.html/r5612dc69e1f79c421faf9764ffbc92591e2a69e... | |
| https://lists.apache.org/thread.html/r562a0cbc5c8cac4d000a27b2854a8ab1b924aa9... | |
| https://lists.apache.org/thread.html/r5b7cc6ac733e0b35816751cf45d152ae246a3f4... | |
| https://lists.apache.org/thread.html/r601f15f3de7ae3a7bbcd780c19155075c56443c... | |
| https://lists.apache.org/thread.html/r65c714241b9d064a44fec10d60ebf5a37d5ebad... | |
| https://lists.apache.org/thread.html/r734f996149bb9b1796740385fcbdf3e093eb9aa... | |
| https://lists.apache.org/thread.html/r75ee2a529edb892ac59110cb3f6f91844a932c5... | |
| https://lists.apache.org/thread.html/r7f4ad5eec0bce2821c308bb23cac53df5c94eb8... | |
| https://lists.apache.org/thread.html/r7fbdb7880be1566f943d80fbbeefde2115c086e... | |
| https://lists.apache.org/thread.html/r7ffd050d3bd7c90d95f4933560b5f4f15971ab9... | |
| https://lists.apache.org/thread.html/r855b24a3bde3674256152edfc53fb8c9000f9b5... | |
| https://lists.apache.org/thread.html/r857b31ad16c6e76002bc6cca73c83358ed25954... | |
| https://lists.apache.org/thread.html/r897a6a14d03eab09e89b809d2a650f376506520... | |
| https://lists.apache.org/thread.html/r8b1963f16d6cb1230ca7ee73b6ec4f5c48f3441... | |
| https://lists.apache.org/thread.html/r8dc1b13b80d39fbf4a9d158850e15cd868f0460... | |
| https://lists.apache.org/thread.html/ra2f529da674f25a7351543544f7d621b5227c49... | |
| https://lists.apache.org/thread.html/ra384892bab8c03a60613a6a9d5e9cae0a2b800f... | |
| https://lists.apache.org/thread.html/ra40a88a2301a3da86e25b501ff4bc88124f2b81... | |
| https://lists.apache.org/thread.html/ra47a26c008487b0a739a368c846e168de06c3cd... | |
| https://lists.apache.org/thread.html/raa6d60b00b67c0550672b4f506f0df75b323dcd... | |
| https://lists.apache.org/thread.html/rb79b62ac3085e05656e41865f5a7efcbdc7dcd7... | |
| https://lists.apache.org/thread.html/rc052fd4e9e9c01bead74c0b5680355ea5dc3b72... | |
| https://lists.apache.org/thread.html/rc721fe2910533bffb6bd4d69ea8ff4f36066d26... | |
| https://lists.apache.org/thread.html/rd666e187ebea2fda8624683ab51e2a5ad2108f7... | |
| https://lists.apache.org/thread.html/rd8e24a3e482e5984bc8c5492dc790413e4fdc12... | |
| https://lists.apache.org/thread.html/rdd6c47321db1bfe12c68a898765bf3b6f97e2af... | |
| https://lists.apache.org/thread.html/re03a4dbc15df6f390a2f8c0a071c31c8324dbef... | |
| https://lists.apache.org/thread.html/re0d38cc2b5da28f708fc89de49036f3ace052c4... | |
| https://lists.apache.org/thread.html/re19fa47ec901cc3cf6d7784027198e8113f8bc2... | |
| https://lists.apache.org/thread.html/re3bd4f831f9be49871cb6adb997289b5dbcd6fe... | |
| https://lists.apache.org/thread.html/re43768896273c0b5f1a03d7f0a9d37085207448... | |
| https://lists.apache.org/thread.html/re819198d4732804dc01fca8b5b144689a118ede... | |
| https://lists.apache.org/thread.html/reb3c6dc050c7ee18ea154cd94dba85d99aa6b02... | |
| https://lists.apache.org/thread.html/reca91f217f9e1ce607ce6e19a1c0b3db82b5b1b... | |
| https://lists.apache.org/thread.html/rf190d1d28e1367d1664ef6bc2f71227566d7b6b... | |
| https://lists.apache.org/thread.html/rf6c2efa3137bc8c22707e550a1f9b80f74bca62... | |
| https://lists.apache.org/thread.html/rf77f4c4583669f1133d58cc4f1964367e253818... | |
| https://lists.apache.org/thread.html/rff630ce92a4d1bb494fc1a3f9b57a3d60819b43... | |
| https://security.netapp.com/advisory/ntap-20210401-0005/ | |
| https://www.debian.org/security/2021/dsa-4949 | |
| https://www.oracle.com/security-alerts/cpuApr2021.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | * |
From (including) 9.4.7 |
Up to (excluding) 9.4.36 |
||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | 10.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | 11.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | 9.4.36 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | 9.4.6 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | jetty | * |
Up to (excluding) 9.4.16-0+deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | jetty | * |
Up to (excluding) 9.4.36-1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | jetty | * |
Up to (excluding) 9.2.21-1+deb9u1 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...