In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "3.9.8"
}
],
"cpes": [
"cpe:2.3:a:netapp:cloud_manager:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:cloud_manager"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "3.0"
}
],
"cpes": [
"cpe:2.3:a:netapp:e-series_performance_analyzer:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:e-series_performance_analyzer"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "11.0.0"
},
{
"fixed": "11.70.1"
}
],
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:e-series_santricity_os_controller"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "1.10"
}
],
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_storage:*:*:*:*:*:vcenter:*:*"
],
"vendor_product": "netapp:e-series_santricity_storage"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "5.1"
}
],
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_web_services:*:*:*:*:*:web_services_proxy:*:*"
],
"vendor_product": "netapp:e-series_santricity_web_services"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "9.10"
}
],
"cpes": [
"cpe:2.3:a:netapp:ontap_tools:*:*:*:*:*:vmware_vsphere:*:*"
],
"vendor_product": "netapp:ontap_tools"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "5.1"
}
],
"cpes": [
"cpe:2.3:a:netapp:santricity_web_services_proxy:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:santricity_web_services_proxy"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "4.6"
}
],
"cpes": [
"cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:snapcenter"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "9.10"
}
],
"cpes": [
"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*"
],
"vendor_product": "netapp:storage_replication_adapter_for_clustered_data_ontap"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "9.10"
}
],
"cpes": [
"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:vasa_provider_for_clustered_data_ontap"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "8.0.0.0"
},
{
"last_affected": "8.2.4.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_session_report_manager"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "8.0.0.0"
},
{
"last_affected": "8.2.4.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_session_route_manager"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "21.3"
}
],
"cpes": [
"cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:rest_data_services"
},
{
"source": "CPE_RANGE",
"extracted_events": [
{
"last_affected": "21.9"
}
],
"cpes": [
"cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:siebel_core_-_automation"
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "21.0.2"
},
{
"last_affected": "21.0.2"
}
],
"cpes": [
"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:autovue_for_agile_product_lifecycle_management"
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "1.14.0"
},
{
"last_affected": "1.14.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_cloud_native_core_policy"
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "8.2.2"
},
{
"last_affected": "8.2.2"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_element_manager"
},
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_services_gatekeeper"
}
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.277.3"
},
{
"fixed": "2.286"
}
],
"cpe": [
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*"
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "7.2.2"
},
{
"fixed": "9.4.39"
},
{
"introduced": "10.0.0"
},
{
"fixed": "10.0.2"
},
{
"introduced": "11.0.0"
},
{
"fixed": "11.0.2"
}
],
"cpe": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"
}