Loading...

XML

Word

Printable

Type: Vulnerability
Resolution: Not a Bug
Priority: Major
Fix Version/s: None
Affects Version/s: 2.5.4.GA
Component/s: core-library
Labels:

Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:
Source:
CVEORG
CVE ID:
CVE-2024-9823
CVE Severity:
Moderate
CVSS Score:
5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE ID:
CWE-400
Downstream Component Name:
org.eclipse.jetty/jetty-servlets
Upstream Affected Component:
jetty; org.eclipse.jetty:jetty-servlets
Embargo Status:
False

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Security Tracking Issue

Do not make this issue public.

Flaw:

Jetty DOS vulnerability on DosFilter
https://bugzilla.redhat.com/show_bug.cgi?id=2318565

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.

~~~

Assignee:: Unassigned

Reporter:: Robb Gatica

Contributors:: Chess Hazlett, Chris Cranford, Jakub Čecháček, Jiri Pechanec, Jonathan Anstey

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Due:: 2024/12/03

Created:: 2024/10/14 7:56 PM

Updated:: 2024/10/15 5:44 AM

Resolved:: 2024/10/15 5:44 AM

Target start:: 2024/10/14

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates