CVE-2021-28165 - Denial of Service (DoS)

Severity: High2022-03-10

Security Advisories

Abstract

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

The Oxygen License Server product incorporates Eclipse Jetty as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen License Server v24.0 and older Low Oxygen License Server 24.1 build 2022030712

Mitigation

None

Detail

CVE-2021-28165

Severity: High

CVSS Score: 7.5

The Eclipse Jetty package used by Oxygen License Server product is an affected version mentioned in CVE-2021-28165 vulnerability description.

Starting with Oxygen License Server version 24.1, the Eclipse Jetty was updated to version 9.4.45.v20220203, which includes a fix for CVE-2021-41303.

List of Security Advisories

Video Tutorials
Upcoming Events
webinar
Oxygen AI Positron: Your Helper in All Stages of Content Creation
May 8, 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor