CVE-2021-28165 - Denial of Service (DoS)
Severity: High
2022-03-10
Abstract
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.
The Oxygen License Server product incorporates Eclipse Jetty as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen License Server v24.0 and older | Low | Oxygen License Server 24.1 build 2022030712 |
Detail
CVE-2021-28165
Severity: High
CVSS Score: 7.5
The Eclipse Jetty package used by the Oxygen License Server product is an affected version mentioned in the CVE-2021-28165 vulnerability description.
Starting with Oxygen License Server version 24.1, Eclipse Jetty was updated to version 9.4.45.v20220203, which includes a fix for CVE-2021-41303.
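One way to check a list of bundled Jetty jar names against the affected ranges given in the Abstract. This is an added example, not part of the original advisory or of any Oxygen or Jetty tooling; the jar names are constructed samples, and the ordering alpha < beta < RC < final release is an assumption.

```python
import re

# Affected ranges exactly as listed in the advisory (both ends inclusive).
AFFECTED_RANGES = [
    ("7.2.2", "9.4.38"),
    ("10.0.0.alpha0", "10.0.1"),
    ("11.0.0.alpha0", "11.0.1"),
]

# Assumed ordering: pre-release stages sort before the final x.y.z release.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_RELEASE_RANK = 3

_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)"            # major.minor.patch
    r"(?:[.-](alpha|beta|rc)(\d*))?"   # optional pre-release stage
    r"(?:[.-]v\d{8})?",                # optional build date, ignored for ordering
    re.IGNORECASE,
)


def version_key(text):
    """Return a sortable tuple for the first Jetty-style version in text."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    if m.group(4):
        stage = _STAGE_RANK[m.group(4).lower()]
        return (major, minor, patch, stage, int(m.group(5) or 0))
    return (major, minor, patch, _RELEASE_RANK, 0)


def is_affected(text):
    """True if the version falls inside any range listed in the advisory."""
    key = version_key(text)
    return any(version_key(lo) <= key <= version_key(hi)
               for lo, hi in AFFECTED_RANGES)


def affected_jars(names):
    """Filter jar file names down to those carrying an affected version."""
    return [n for n in names if is_affected(n)]


if __name__ == "__main__":
    # Constructed sample inventory, not taken from a real installation.
    sample = ["jetty-server-9.4.38.v20210224.jar",
              "jetty-server-9.4.45.v20220203.jar",
              "jetty-io-10.0.0.beta3.jar"]
    for name in sample:
        print(name, "AFFECTED" if is_affected(name) else "ok")
```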