Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-dev] Statement about HTTP/2 CONTINUATION frames can be utilized for DoS attacks #421644

An industry level HTTP/2 vulnerability related to HTTP/2 CONTINUATION frames being utilized for DoS attacks has just been published.

https://www.kb.cert.org/vuls/id/421644

Eclipse Jetty is Not Affected by this vulnerability.

The Eclipse Jetty team (and the original reporter of the vulnerability) has tested various recent releases of Eclipse Jetty to verify.

The following releases, using default configurations for HTTP/2, have been tested and do not have the problems identified in the vulnerability.
  • Eclipse Jetty - 12.0.7 (current supported version)
  • Eclipse Jetty - 11.0.20 (now at End of Community Support)
  • Eclipse Jetty - 10.0.20 (now at End of Community Support)
  • Eclipse Jetty - 9.4.54 (now at End of Community Support)

Joakim Erdfelt / joakim@xxxxxxxxxxx

Back to the top