CNNVD-202508-2327 Information
CNNVD ID
CNNVD-202508-2327
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.4.57及之前版本、10.0.25及之前版本、11.0.25及之前版本、12.0.21及之前版本和12.1.0.alpha2及之前版本存在安全漏洞,该漏洞源于HTTP/2客户端可能触发服务器发送RST_STREAM帧,导致资源消耗。
Description (English)
Eclipse Jetty is an open source of the Eclipse Foundation’s Java-based Web server and Java Servlet container. Eclipse Jetty 9.4.57 and earlier, 10.0.25 and earlier, 11.0.25 and earlier, 12.0.21 and earlier, and 12.1.0.alpha2 and earlier, had a security loophole, which stemmed from the potential for HTTP/2 client to trigger the server to send RST STREAM frames, resulting in resource consumption.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Eclipse
Published
2025-08-20
Last Modified
2026-02-24
References
https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h https://github.com/jetty/jetty.project/releases/tag/jetty-9.4.58.v20250814 https://github.com/jetty/jetty.project/releases/tag/jetty-12.1.0 https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.25 https://github.com/jetty/jetty.project/releases/tag/jetty-11.0.26 https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.26 https://github.com/jetty/jetty.project/pull/13449 https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/cpujan2026.html https://nvd.nist.gov/vuln/detail/CVE-2025-5115
Patch
https://github.com/jetty/jetty.project/releases
Share on: