Vulnerability Description
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.
CVSS Score
MEDIUM (CVSS base score 4.8)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Jetty | >= 9.4.0, < 9.4.35 |
| Netapp | Oncommand System Manager | >= 3.0, <= 3.1.3 |
| Netapp | Snap Creator Framework | - |
| Oracle | Blockchain Platform | < 21.1.2 |
| Oracle | Communications Converged Application Server - Service Controller | 6.2 |
| Oracle | Communications Offline Mediation Controller | 12.0.0.3.0 |
| Oracle | Communications Pricing Design Center | 12.0.0.3.0 |
| Oracle | Communications Services Gatekeeper | 7.0 |
| Oracle | Communications Session Route Manager | >= 8.0.0, <= 8.2.4 |
| Oracle | Flexcube Private Banking | 12.0.0 |
| Oracle | Hyperion Infrastructure Technology | 11.1.2.6.0 |
| Oracle | Rest Data Services | < 20.4.3.050.1904 |
| Oracle | Retail Eftlink | 20.0.0 |
| Oracle | Siebel Core - Automation | <= 21.5 |
| Apache | Kafka | 2.7.0 |
| Apache | Spark | 2.4.8 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 (Issue Tracking, Vendor Advisory)
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 (Third Party Advisory)
- https://lists.apache.org/thread.html/r00858fe27ee35ac8fa0e1549d67e0efb789d63b791 (Issue Tracking)
- https://lists.apache.org/thread.html/r01806ad8c9cb0590584baf5b1a60237ad92e4ad5bb (Issue Tracking)
- https://lists.apache.org/thread.html/r05b7ffde2b8c180709e14bc9ca036407bea3ed9f09 (Issue Tracking)
- https://lists.apache.org/thread.html/r078c1203e48089b2c934b9f86b61bebe8c049e0ea6 (Issue Tracking)
- https://lists.apache.org/thread.html/r0d2de2ab5558da68b504bd30db74da1d97dc152a85 (Issue Tracking)
- https://lists.apache.org/thread.html/r153fbefc27a1b2033692f32ef728ca909a7c7bcc1d (Issue Tracking)
- https://lists.apache.org/thread.html/r15500b77c52390e2ec048cea4a6b45edf907ea61cd (Issue Tracking)
- https://lists.apache.org/thread.html/r186748e676e5aeb4eb603361e6367555ae4daecbde (Issue Tracking)
- https://lists.apache.org/thread.html/r1dd302323c6fe1a542d0371de66a484918fa6c2831 (Issue Tracking)
- https://lists.apache.org/thread.html/r22776d06582985cca5bd2a92519a2b13b4cae2d8e0 (Issue Tracking)
- https://lists.apache.org/thread.html/r23ce6b8965e30808daa77a80fcd69833b1fc632d80 (Issue Tracking)
- https://lists.apache.org/thread.html/r25a47cd06750ebb4b0f23a9b7a57c209702c8566a4 (Issue Tracking)
- https://lists.apache.org/thread.html/r2a541f08bf5f847394297c13a5305c2f76c11e4650 (Issue Tracking)
FAQ
What is CVE-2020-27218?
CVE-2020-27218 is a vulnerability with a CVSS score of 4.8 (MEDIUM). In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients ...
How severe is CVE-2020-27218?
CVE-2020-27218 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS score section above for the severity rating.
Is there a patch for CVE-2020-27218?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Jetty, Netapp Oncommand System Manager, Netapp Snap Creator Framework, Oracle Blockchain Platform, Oracle Communications Converged Application Server - Service Controller.