Vulnerability Name:

CVE-2020-27218 (CCN-192459)

Assigned: 2020-11-27
Published: 2020-11-27
Updated: 2022-05-12
Summary: In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
CVSS v3 Severity: 4.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
4.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
4.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2020-27218

Source: CCN
Type: Bugzilla – Bug 568892
(CVE-2020-27218) - Jetty HttpInput not correctly recycled

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892

Source: XF
Type: UNKNOWN
eclipse-cve202027218-sec-bypass(192459)

Source: CCN
Type: jetty.project GIT Repository
Buffer not correctly recycled in Gzip Request inflation

Source: CONFIRM
Type: Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210212 [jira] [Commented] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] sarutak opened a new pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210216 [jira] [Assigned] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[hbase-issues] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201207 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20201206 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] dongjoon-hyun commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] srowen commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[zookeeper-commits] 20210106 [zookeeper] branch branch-3.5.9 updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] busbey commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210301 [GitHub] [kafka] dongjinleekr commented on pull request #10235: KAFKA-12389: Upgrade of netty-codec due to CVE-2021-21290

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210216 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [jira] [Updated] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[nifi-commits] 20210222 svn commit: r1886814 - /nifi/site/trunk/security.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210222 [GitHub] [kafka] ijuma commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] HyukjinKwon closed pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-dev] 20210205 [jira] [Created] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210216 [GitHub] [spark] sarutak opened a new pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210222 [jira] [Updated] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[spark-commits] 20210218 [spark] branch branch-3.0 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210216 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210216 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[spark-commits] 20210218 [spark] branch branch-3.1 updated: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] eolivelli commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210218 [jira] [Commented] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[kafka-commits] 20210222 [kafka] branch 2.6 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon closed pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[spark-commits] 20210219 [spark] branch branch-2.4 updated: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r769e1ba36c607772f7403e7ef2a8ae14d9ddcab4a844f9b28bcf7959@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210212 [jira] [Assigned] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] sarutak commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [jira] [Work started] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] SparkQA removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201215 [GitHub] [zookeeper] phunt commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] phunt commented on a change in pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-dev] 20210222 [jira] [Resolved] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[zookeeper-commits] 20201224 [zookeeper] branch master updated: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[kafka-commits] 20210222 [kafka] branch 2.8 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] SparkQA commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] HyukjinKwon commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/ra1c234f045871827f73e4d68326b067e72d3139e109207345fa57d9e@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-dev] 20210211 [jira] [Created] (KAFKA-12324) Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr opened a new pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[kafka-commits] 20210222 [kafka] branch 2.7 updated: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20201205 [jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210216 [jira] [Created] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210222 [GitHub] [kafka] omkreddy closed pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201211 [GitHub] [zookeeper] nkalmar commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-issues] 20201224 [jira] [Resolved] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/rc2b603b7fa7f8dbfe0b3b59a6140b4d66868db3bf4b29d69a772d72a@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201224 [GitHub] [zookeeper] ztzg closed pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210206 [GitHub] [hbase-thirdparty] busbey closed pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] jojochuang commented on a change in pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Exploit, Mailing List, Third Party Advisory
[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] pankaj72981 opened a new pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210222 [GitHub] [kafka] dongjinleekr commented on pull request #10177: KAFKA-12324: Upgrade jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[kafka-jira] 20210302 [GitHub] [kafka] dongjinleekr commented on pull request #10245: KAFKA-12400: Upgrade jetty to fix CVE-2020-27223

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210218 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210216 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201207 [GitHub] [zookeeper] nkalmar commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-dev] 20201208 Re: [VOTE] Apache ZooKeeper release 3.5.9 candidate 0

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-issues] 20210219 [jira] [Resolved] (SPARK-34449) Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201206 [GitHub] [zookeeper] nkalmar commented on a change in pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] srowen commented on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[hbase-dev] 20210206 [jira] [Resolved] (HBASE-25552) [hbase-thirdparty] Update jetty version to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-commits] 20210206 [hbase-thirdparty] branch master updated: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg commented on pull request #1552: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[hbase-issues] 20210205 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #46: HBASE-25552 Upgrade jetty jar to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] sarutak edited a comment on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201206 [GitHub] [zookeeper] ztzg commented on pull request #1554: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] SparkQA removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210219 [GitHub] [spark] AmplabJenkins removed a comment on pull request #31583: [SPARK-34449][BUILD][2.4] Upgrade Jetty to fix CVE-2020-27218

Source: MLIST
Type: Mailing List, Third Party Advisory
[spark-reviews] 20210217 [GitHub] [spark] SparkQA commented on pull request #31574: [SPARK-34449][BUILD] Upgrade Jetty to fix CVE-2020-27218

Source: MISC
Type: Exploit, Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/rfa34d2a3e423421a4a1354cf457edba2ce78cee2d3ebd8aab151a559@%3Cdev.kafka.apache.org%3E

Source: MLIST
Type: Mailing List, Third Party Advisory
[zookeeper-notifications] 20201205 [GitHub] [zookeeper] ztzg opened a new pull request #1553: ZOOKEEPER-4023: dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20201218-0003/

Source: CCN
Type: IBM Security Bulletin 6453455 (Control Center)
Vulnerabilities in Apache HttpClient and Eclipse Jetty Affect IBM Control Center (CVE-2020-13956, CVE-2020-27218)

Source: CCN
Type: IBM Security Bulletin 6466729 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6471577 (Secure Proxy)
Multiple Vulnerabilities were detected in IBM Secure Proxy

Source: CCN
Type: IBM Security Bulletin 6471615 (Secure External Authentication Server)
Multiple Vulnerabilities were detected in IBM Secure External Authentication Server

Source: CCN
Type: IBM Security Bulletin 6574041 (Process Mining)
Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6983274 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-27218

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:*:*:*:*:*:*:*:* (Version >= 9.4.0 and < 9.4.35)

Configuration 2:
  • cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* (Version >= 3.0 and <= 3.1.3)

Configuration 3:
  • cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:rest_data_services:*:*:*:*:-:*:*:* (Version < 20.4.3.050.1904)
  • OR cpe:/a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.2.4)
  • OR cpe:/a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:* (Version <= 21.5)
  • OR cpe:/a:oracle:retail_eftlink:20.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version < 21.1.2)
  • OR cpe:/a:oracle:hyperion_infrastructure_technology:11.1.2.6.0:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/a:apache:kafka:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:spark:2.4.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:spark:3.0.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:9.4.34:*:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:3.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_proxy:6.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:2.4.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:secure_external_authentication_server:6.0.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:8024 | P | jetty-http-9.4.48-150200.3.16.3 on GA media (Moderate) | 2023-06-20
oval:org.opensuse.security:def:3395 | P | vsftpd-3.0.2-40.11.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95025 | P | jetty-http-9.4.43-3.12.2 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94873 | P | docker-20.10.12_ce-159.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95170 | P | apache2-mod_php8-8.0.10-150400.2.8 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:101586 | P | Security update for the Linux Kernel (Important) | 2022-04-13
oval:org.opensuse.security:def:112474 | P | jetty-annotations-9.4.43-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:101883 | P | Security update for the Linux Kernel (Important) | 2021-11-16
oval:org.opensuse.security:def:105971 | P | jetty-annotations-9.4.43-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:96776 | P | squashfs-4.3-1.29 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:4464 | P | Security update for the Linux Kernel (Important) | 2021-08-10
oval:org.opensuse.security:def:101275 | P | jetty-http-9.4.38-3.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:63017 | P | jetty-http-9.4.38-3.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72736 | P | jetty-http-9.4.38-3.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1928 | P | jetty-http-9.4.38-3.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:111031 | P | Security update for jetty-minimal (Moderate) | 2021-01-04
oval:org.opensuse.security:def:66711 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:75779 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:108252 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:117766 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:5622 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:108549 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:65553 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
oval:org.opensuse.security:def:74621 | P | Security update for jetty-minimal (Moderate) | 2020-12-22
    eclipse jetty 11.0.0 beta1
    eclipse jetty 11.0.0 beta2
    eclipse jetty 10.0.0 beta1
    eclipse jetty 10.0.0 beta2
    eclipse jetty 10.0.0 beta0
    eclipse jetty 10.0.0 alpha0
    eclipse jetty 10.0.0 alpha1
    eclipse jetty 11.0.0 alpha0
    eclipse jetty *
    netapp snap creator framework -
    netapp oncommand system manager *
    oracle flexcube private banking 12.1.0
    oracle flexcube private banking 12.0.0
    oracle communications offline mediation controller 12.0.0.3.0
    oracle communications services gatekeeper 7.0
    oracle communications pricing design center 12.0.0.3.0
    oracle rest data services *
    oracle communications converged application server - service controller 6.2
    oracle communications session route manager *
    oracle siebel core - automation *
    oracle retail eftlink 20.0.0
    oracle blockchain platform *
    oracle hyperion infrastructure technology 11.1.2.6.0
    apache kafka 2.7.0
    apache spark 2.4.8
    apache spark 3.0.3
    eclipse jetty 9.4.0 rc0
    eclipse jetty 9.4.34
    eclipse jetty 10.0.0 alpha0
    eclipse jetty 10.0.0 beta2
    eclipse jetty 11.0.0 alpha0
    eclipse jetty 11.0.0 beta2
    ibm cognos analytics 11.0
    oracle flexcube private banking 12.0
    oracle flexcube private banking 12.1
    ibm cognos command center 10.2.4.1
    ibm cognos analytics 11.1
    ibm secure proxy 6.0.1
    ibm control center 6.2.0.0
    ibm secure proxy 3.4.3.2
    ibm secure proxy 6.0.2
    ibm secure external authentication server 2.4.3.2
    ibm secure external authentication server 6.0.1
    ibm secure external authentication server 6.0.2