CVE-2024-9823

CWE-400 — Uncontrolled Resource Consumption7 documents6 sources

Severity

7.5HIGH

EPSS

0.7%

top 28.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Jetty Eclipse Jetty Jetty Eclipse Jetty

Timeline

PublishedOct 14

Description

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages8 packages

▶NVDeclipse/jetty9.0.0 — 9.4.54+3

▶CVEListV5eclipse_jetty/jetty12.0.0 — 12.0.3

▶CVEListV5eclipse_foundation/jetty9.0.0 — 9.4.54+2

▶Mavenorg.eclipse.jetty:jetty-servlets9.0.0 — 9.4.54+2

▶Mavenorg.eclipse.jetty.ee8:jetty-ee8-servlets12.0.0 — 12.0.3

🔴Vulnerability Details

OSV

Eclipse Jetty has a denial of service vulnerability on DosFilter↗2024-10-14

▶

OSV

CVE-2024-9823: There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack↗2024-10-14

▶

CVEList

Jetty DOS vulnerability on DosFilter↗2024-10-14

▶

GHSA

Eclipse Jetty has a denial of service vulnerability on DosFilter↗2024-10-14

▶

📋Vendor Advisories

Red Hat

org.eclipse.jetty:jetty-servlets: jetty: Jetty DOS vulnerability on DosFilter↗2024-10-14

▶

Debian

CVE-2024-9823: jetty9 - There exists a security vulnerability in Jetty's DosFilter which can be exploite...↗2024

▶