CVE-2024-9823
EUVD-2024-306214.10.2024, 15:15
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 9.0.0 ≤ 𝑥 < 9.4.54 |
| eclipse | jetty | 10.0.0 ≤ 𝑥 < 10.0.18 |
| eclipse | jetty | 11.0.0 ≤ 𝑥 < 11.0.18 |
| eclipse | jetty | 12.0.0 ≤ 𝑥 < 12.0.3 |
| netapp | bootstrap_os | - |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| eclipse | jetty | 9.0.0 ≤ 𝑥 < 9.4.54 | ADP |
| eclipse | jetty | 10.0.0 ≤ 𝑥 < 10.0.18 | ADP |
| eclipse | jetty | 11.0.0 ≤ 𝑥 < 11.0.18 | ADP |
| eclipse | jetty | 12.0.0 ≤ 𝑥 < 12.0.3 | ADP |
Debian Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| jetty-annotations |
| ||
| jetty-ant |
| ||
| jetty-client |
| ||
| jetty-continuation |
| ||
| jetty-deploy |
| ||
| jetty-http |
| ||
| jetty-io |
| ||
| jetty-jaas |
| ||
| jetty-jaspi |
| ||
| jetty-javadoc |
| ||
| jetty-jmx |
| ||
| jetty-jndi |
| ||
| jetty-jsp |
| ||
| jetty-jspc-maven-plugin |
| ||
| jetty-maven-plugin |
| ||
| jetty-monitor |
| ||
| jetty-plus |
| ||
| jetty-project |
| ||
| jetty-proxy |
| ||
| jetty-rewrite |
| ||
| jetty-runner |
| ||
| jetty-security |
| ||
| jetty-server |
| ||
| jetty-servlet |
| ||
| jetty-servlets |
| ||
| jetty-start |
| ||
| jetty-util |
| ||
| jetty-util-ajax |
| ||
| jetty-webapp |
| ||
| jetty-websocket-api |
| ||
| jetty-websocket-client |
| ||
| jetty-websocket-common |
| ||
| jetty-websocket-parent |
| ||
| jetty-websocket-server |
| ||
| jetty-websocket-servlet |
| ||
| jetty-xml |
|
References