CVEs-PoC/2021/CVE-2021-28165.md

### [CVE-2021-28165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165)
![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Jetty&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%207.2.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-551&color=brighgreen)

### Description

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

### POC

#### Reference
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/hshivhare67/Jetty_v9.4.31_CVE-2021-28165
- https://github.com/m3n0sd0n4ld/uCVE
- https://github.com/mchmarny/disco
- https://github.com/nidhi7598/jetty-9.4.31_CVE-2021-28165
- https://github.com/uthrasri/CVE-2021-28165