CVE-2021-28165 - Denial of Service (DoS)

Severity: High2022-03-10

Security Advisories


In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

The Oxygen License Server product incorporates Eclipse Jetty as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen License Server v24.0 and older Low Oxygen License Server 24.1 build 2022030712





Severity: High

CVSS Score: 7.5

The Eclipse Jetty package used by Oxygen License Server product is an affected version mentioned in CVE-2021-28165 vulnerability description.

Starting with Oxygen License Server version 24.1, the Eclipse Jetty was updated to version 9.4.45.v20220203, which includes a fix for CVE-2021-41303.

List of Security Advisories