CVE-2011-4461

Improper Input Validation in Jetty in maven/org.eclipse.jetty/jetty-server

Identifiers

GHSA-qxp4-27vx-xmm3, CVE-2011-4461

Package Slug

maven/org.eclipse.jetty/jetty-server

Vulnerability

Improper Input Validation in Jetty

Description

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

Affected Versions

All versions up to 8.1.0.RC2

Solution

Upgrade to version 8.1.0.RC4 or above.

Last Modified

2022-07-26
