Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-28165 - log back

CVE-2021-28165 edited at 20 Apr 2021 19:01:02

Remote

-	Unknown
+	Remote

CVE-2021-28165 created at 20 Apr 2021 19:00:07

Severity

+

High

Remote

+

Unknown

Type

+	Denial of service

Description

+	When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage.

References

+	https://www.jenkins.io/security/advisory/2021-04-20/
+	https://github.com/advisories/GHSA-26vr-8j45-3r4w

Notes