CVE Tools

CVE-2019-17638

Published: Jul 9, 2020Updated: Nov 21, 2024 Sources: CVE List NVD GHSA BDUCWE-672

9.4CVSSCRITICAL

No Known Exploits

Patch Available

Am I actually vulnerable?1 Nuclei template available — see how to check your systems. How to verify

Description

In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:LAvailability

Low

Open in CVSS calculator →

Weaknesses

CWE-672 CWE-675

Affected Products

Eclipse Jetty The Eclipse Foundation

LibraryLibrary

OSS Libraries / web-framework

jetty eclipse DevTools & CI

Debian GNU/Linux Сообщество свободного программного обеспечения

On-premOS

Operating Systems / linux-distro

FMW Platform Oracle Corp.

On-prem

Databases / relational

Jboss Fuse Red Hat Inc.

On-premWeb App

DevTools & CI / build-test-tools

the eclipse foundationoss-projectOSS Librariesaka eclipse jetty, eclipse mosquitto, eclipse openj9

eclipseoss-projectBEDevTools & CIaka eclipse-foundation

сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf

oracle corp.commercialUSDatabasesaka oracle

red hat inc.commercialUSOperating Systemsaka red hat

and 11 more affected products View all →

Exploitability

Official Patch Available

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984

bugs.eclipse.org

http://www.openwall.com/lists/oss-security/2020/08/17/1

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XE6US6VPZHOWFMUSFGDS5V2DNQPY5MKB/

lists.fedoraproject.org

and 38 more references View all →

Timeline

Published

Jul 9, 2020

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2019-17638 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows