Integration News

IBM Sterling Connect:Direct for UNIX is vulnerable to Uncontrolled Resource Consumption due to Eclipse Jetty.

CVEID: CVE-2025-1948
Description: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
CWE: CWE-400: Uncontrolled Resource Consumption
CVSS Source: emo@eclipse.org
CVSS Base score: 7.5
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
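To make the defect concrete from the server side, the following added example (not code from Jetty or from IBM) parses an HTTP/2 SETTINGS frame and contrasts the unchecked pattern the description names, sizing an encode buffer directly from the peer-advertised SETTINGS_MAX_HEADER_LIST_SIZE, with a bounded version that clamps the value to a local ceiling. The 64 KiB ceiling and the sample frame are constructed for illustration, not Jetty defaults.

```python
import struct

SETTINGS_FRAME_TYPE = 0x4              # RFC 7540 s.6.5: SETTINGS frame type
SETTINGS_MAX_HEADER_LIST_SIZE = 0x6    # RFC 7540 s.6.5.2 setting identifier
# Local ceiling on any peer-requested encode buffer. Constructed value for
# this example; a real server would tune it to its own memory budget.
LOCAL_ENCODE_BUFFER_LIMIT = 64 * 1024


def parse_settings_frame(frame: bytes) -> dict:
    """Parse a connection-level HTTP/2 SETTINGS frame into {identifier: value}."""
    if len(frame) < 9:
        raise ValueError("truncated frame header")
    length = int.from_bytes(frame[0:3], "big")
    frame_type = frame[3]
    stream_id = int.from_bytes(frame[5:9], "big") & 0x7FFFFFFF
    if frame_type != SETTINGS_FRAME_TYPE or stream_id != 0:
        raise ValueError("not a connection-level SETTINGS frame")
    payload = frame[9:9 + length]
    if len(payload) != length or length % 6:
        raise ValueError("malformed SETTINGS payload")
    settings = {}
    for off in range(0, length, 6):
        ident, value = struct.unpack("!HI", payload[off:off + 6])  # 16-bit id, 32-bit value
        settings[ident] = value
    return settings


def unchecked_encode_buffer_size(settings: dict) -> int:
    """Vulnerable pattern: trust the peer's advertised size verbatim.

    Allocating a buffer of this size (e.g. bytearray(n)) for a value near
    2**32 - 1 is what drives the OutOfMemoryError described in the CVE.
    """
    return settings.get(SETTINGS_MAX_HEADER_LIST_SIZE, LOCAL_ENCODE_BUFFER_LIMIT)


def bounded_encode_buffer_size(settings: dict) -> int:
    """Hardened pattern: the peer may lower the size, never raise it past our limit."""
    advertised = settings.get(SETTINGS_MAX_HEADER_LIST_SIZE, LOCAL_ENCODE_BUFFER_LIMIT)
    return min(advertised, LOCAL_ENCODE_BUFFER_LIMIT)


# Constructed sample: a SETTINGS frame (length 6, type 0x4, flags 0, stream 0)
# carrying SETTINGS_MAX_HEADER_LIST_SIZE = 0xFFFFFFFF.
SAMPLE_HOSTILE_FRAME = b"\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x06\xff\xff\xff\xff"
# Constructed sample: same frame shape, advertising a modest 8192 bytes.
SAMPLE_NORMAL_FRAME = b"\x00\x00\x06\x04\x00\x00\x00\x00\x00\x00\x06\x00\x00\x20\x00"
```

Only the bounded size should ever reach an allocation call; the unchecked function is kept purely to show the value a server would otherwise act on.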

Affected Products and Versions

Remediation/Fixes

Product                                 Affected Version   Remediation / Fix / Instructions
IBM Sterling Connect:Direct for UNIX    6.4.0              Apply 6.4.0.3.iFix004, available on Fix Central
IBM Sterling Connect:Direct for UNIX    6.3.0              Apply 6.3.0.6.iFix008, available on Fix Central

Workarounds and Mitigations

None.

Change History

01 Oct 2025: Initial Publication
