HIGH✓ PATCH🇬🇧 English

CVE-2021-28165

CVSS 7.5v3.1pub. 2021-04-01upd. 2025-08-27

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Eclipse Jetty

    APP
    Eclipse
    7.2.2 – 9.4.39 (bez)10.0.0 – 10.0.2 (bez)11.0.0 – 11.0.2 (bez)
  • Jenkins

    APP
    Jenkins
    < 2.286< 2.277.3
  • Netapp Cloud Manager

    APP
    Netapp
    < 3.9.8
  • Netapp E Series Performance Analyzer

    APP
    Netapp
    < 3.0
  • Netapp E Series Santricity Os Controller

    APP
    Netapp
    11.0.0 – 11.70.1 (bez)
  • Netapp E Series Santricity Storage

    APP
    Netapp
    < 1.10
  • Netapp E Series Santricity Web Services

    APP
    Netapp
    < 5.1
  • Netapp Ontap Tools

    APP
    Netapp
    < 9.10
  • Netapp Santricity Cloud Connector

    APP
    Netapp
    wszystkie wersje
  • Netapp Santricity Web Services Proxy

    APP
    Netapp
    < 5.1
  • Netapp Snapcenter

    APP
    Netapp
    < 4.6
  • Netapp Storage Replication Adapter For Clustered Data Ontap

    APP
    Netapp
    < 9.10
  • Netapp Vasa Provider For Clustered Data Ontap

    APP
    Netapp
    < 9.10
  • Oracle Autovue For Agile Product Lifecycle Management

    APP
    Oracle
    21.0.2
  • Oracle Communications Cloud Native Core Policy

    APP
    Oracle
    1.14.0
  • Oracle Communications Element Manager

    APP
    Oracle
    8.2.2
  • Oracle Communications Services Gatekeeper

    APP
    Oracle
    7.0
  • Oracle Communications Session Report Manager

    APP
    Oracle
    8.0.0.0 – 8.2.4.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.0.0.0 – 8.2.4.0
  • Oracle Rest Data Services

    APP
    Oracle
    < 21.3
  • Oracle Siebel Core Automation

    APP
    Oracle
    ≤ 21.9
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2024-23897CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Jenkins CLI – odczyt dowolnych plików przez path traversal bez uwierzytelnienia

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2020-1938CRITICAL9.8⚠ KEVten sam produkt

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...

CVE-2021-28165 — HIGH 7.5 | CVEbaza.pl