CVE-2024-6762

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation without Limits7 documents6 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Jetty Eclipse Foundation Jetty

Timeline

PublishedOct 14

Description

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

▶NVDeclipse/jetty10.0.0 — 10.0.18+2

▶Mavenorg.eclipse.jetty:jetty-servlets10.0.0 — 10.0.18+2

▶Debianjetty9< 9.4.57-0+deb11u1+3

▶CVEListV5eclipse_foundation/jetty10.0.0 — 10.0.17+2

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Jetty PushSessionCacheFilter can cause remote DoS attacks↗2024-10-14

▶

OSV

CVE-2024-6762: Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory↗2024-10-14

▶

OSV

Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks↗2024-10-14

▶

GHSA

Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks↗2024-10-14

▶

📋Vendor Advisories

Red Hat

org.eclipse.jetty:jetty-servlets: jetty: Jetty PushSessionCacheFilter can cause remote DoS attacks↗2024-10-14

▶

Debian

CVE-2024-6762: jetty9 - Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launc...↗2024

▶