CVE-2024-8184

CWE-400 — Uncontrolled Resource Consumption CWE-770 — Allocation without Limits8 documents7 sources

Severity

6.5MEDIUM

EPSS

1.5%

top 18.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Jetty Eclipse Foundation Jetty

Timeline

PublishedOct 14

Latest updateJul 15

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.eclipse.jetty:jetty-server12.0.0 — 12.0.9+3

▶NVDeclipse/jetty9.3.12 — 9.4.56+3

▶Debianjetty9< 9.4.57-0+deb11u1+3

▶CVEListV5eclipse_foundation/jetty9.3.12 — 9.4.55+3

Patches

Patch: github.com ↗

🔴Vulnerability Details

GHSA

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks↗2024-10-14

▶

CVEList

Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks↗2024-10-14

▶

OSV

CVE-2024-8184: There exists a security vulnerability in Jetty's ThreadLimitHandler↗2024-10-14

▶

OSV

Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks↗2024-10-14

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Security (Eclipse Jetty) — CVE-2024-8184↗2025-07-15

▶

Red Hat

org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks↗2024-10-14

▶

Debian

CVE-2024-8184: jetty9 - There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() ...↗2024

▶