Loading...

XML

Word

Printable

Type: Vulnerability
Resolution: Not a Bug
Priority: Major
Fix Version/s: None
Affects Version/s: 2.5.4.GA
Component/s: core-library
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:
Source:
CVEORG
CVE ID:
CVE-2024-8184
CVE Severity:
Moderate
CVSS Score:
5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE ID:
CWE-400
Downstream Component Name:
org.eclipse.jetty/jetty-server
Upstream Affected Component:
jetty; org.eclipse.jetty:jetty-server
Embargo Status:
False

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Security Tracking Issue

Do not make this issue public.

Flaw:

Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=2318564

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

~~~

Assignee:: Unassigned

Reporter:: Robb Gatica

Contributors:: Chess Hazlett, Chris Cranford, Jakub Čecháček, Jiri Pechanec, Jonathan Anstey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Due:: 2024/12/03

Created:: 2024/10/14 7:17 PM

Updated:: 2024/10/15 5:43 AM

Resolved:: 2024/10/15 5:43 AM

Target start:: 2024/10/14

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates