A vulnerability was reported in Jetty. A remote user can cause denial of service conditions.
A remote user can send specially crafted POST request values to trigger hash collisions and cause significant performance degradation on the target server.
How does it Affect :
Flume in BigInsights Version 1.3, 1.3 FP1 and 1.4 use Jetty which can be affected by this vulnerability.
The BigInsights fix packs version 220.127.116.11 and 18.104.22.168, have the Jetty upgraded which will contain the fix.
A fix to this issue in Jetty is also available at: