Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-27223 PoC — Eclipse Jetty 资源管理错误漏洞

Source
https://github.com/ttestoo/Jetty-CVE-2020-27223
Associated Vulnerability
Title:Eclipse Jetty 资源管理错误漏洞 (CVE-2020-27223)
Description:In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
Readme
# Jetty-CVE-2020-27223
File Snapshot

 [4.0K]  /data/pocs/80f43b9af04dc8b492105e44299c0b9e0dfa03a3
├── [4.0K]  payload
│   └── [ 24K]  poc.txt
├── [2.3K]  pom.xml
├── [  23]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        ├── [4.0K]  java
        │   └── [4.0K]  com
        │       └── [4.0K]  ttestoo
        │           └── [4.0K]  jetty
        │               ├── [ 310]  Application.java
        │               └── [4.0K]  controller
        │                   └── [ 485]  HelloController.java
        └── [4.0K]  resources
            └── [ 103]  application.properties

9 directories, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →