CVE-2018-12545

Name of the Vulnerable Software and Affected Versions Eclipse Jetty versions 9.3.x through 9.4.x

Description The issue is related to an uncontrolled resource consumption in the HTTP server. It can be exploited by a remote attacker to cause a Denial of Service condition by sending a container with many SETTINGs frames or multiple small SETTINGs frames, which requires additional CPU and memory allocations to handle the changed settings.

Recommendations For Eclipse Jetty versions 9.3.x through 9.4.x, consider restricting access to the server to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.