CVE-2024-6762
published 2024-10-14
CVE-2024-6762: Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
medium 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jetty9 | < jetty9 9.4.57-0+deb12u1 (bookworm) | jetty9 9.4.57-0+deb12u1 (bookworm) |
| eclipse | jetty | >= 10.0.0 < 10.0.18 | 10.0.18 |
| eclipse | jetty | >= 11.0.0 < 11.0.18 | 11.0.18 |
| eclipse | jetty | >= 12.0.0 < 12.0.4 | 12.0.4 |
| eclipse_foundation | jetty | 10.0.0 – 10.0.17 | — |
| eclipse_foundation | jetty | 11.0.0 – 11.0.17 | — |
| eclipse_foundation | jetty | 12.0.0 – 12.0.3 | — |
CVSS provenance
nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 6.5 MEDIUM