Jetty Hashtable Denial of Service

Flash (Alert)


Abstract

A vulnerability was reported in Jetty. A remote user can cause denial of service conditions.

A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance degradation on the target server.
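A defender-side check for the condition described above, as an added example that is not IBM's or Jetty's code. It inspects a form-encoded POST body for an excessive number of parameter names or for many names sharing one hash value. The thresholds and function names are hypothetical, and it assumes parameter names are hashed with Java's String.hashCode(), as in a java.util.Hashtable keyed by String.

```python
from collections import Counter
from urllib.parse import parse_qsl

MAX_KEYS = 1000     # assumed limit on distinct parameter names per request
MAX_PER_HASH = 8    # assumed limit on names that share one hash value


def java_string_hash(s: str) -> int:
    """Java's String.hashCode(): h = 31*h + UTF-16 code unit, signed 32-bit."""
    data = s.encode("utf-16-be")
    h = 0
    for i in range(0, len(data), 2):
        unit = (data[i] << 8) | data[i + 1]
        h = (31 * h + unit) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def inspect_form_body(body: str, max_keys=MAX_KEYS, max_per_hash=MAX_PER_HASH):
    """Return (verdict, detail) for one application/x-www-form-urlencoded body."""
    pairs = parse_qsl(body, keep_blank_values=True)
    names = {name for name, _ in pairs}          # distinct parameter names
    if len(names) > max_keys:
        return "reject", f"{len(names)} distinct parameter names exceeds {max_keys}"
    per_hash = Counter(java_string_hash(n) for n in names)
    worst_hash, count = per_hash.most_common(1)[0] if per_hash else (0, 0)
    if count > max_per_hash:
        return "reject", f"{count} names share hash {worst_hash}"
    return "allow", f"{len(names)} names, largest hash group {count}"


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    samples = [
        "user=alice&action=save&page=2",   # ordinary form post
        "Aa=1&BB=2",                       # textbook pair with equal hashCode
    ]
    for body in samples:
        # Threshold lowered to 1 so the two-name sample shows the rejection path.
        print(body, "->", inspect_form_body(body, max_per_hash=1))
```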

What it affects:

Flume in BigInsights versions 1.3, 1.3 FP1 and 1.4 uses Jetty, which can be affected by this vulnerability.


Remediation:

BigInsights fix packs 1.3.0.2 and 1.4.0.1 include an upgraded Jetty that contains the fix.

A fix to this issue in Jetty is also available at:

http://dev.eclipse.org/mhonarc/lists/jetty-users/msg01818.html
https://github.com/eclipse/jetty.project/commit/085c79d7d6cfbccc02821ffdb64968593df3e0bf

Document information


More support for:

InfoSphere BigInsights
Web Console

Software version:

1.1.0, 1.2.0, 1.3.0, 1.4.0

Operating system(s):

Linux Red Hat - xSeries, Linux SUSE - xSeries

Software edition:

Basic Edition, Enterprise Edition

Reference #:

1599209

Modified date:

2012-08-30
