CVE-2024-9823

A security vulnerability in Jetty's DosFilter can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server that uses DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| eclipse | CNA | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score percentile: 45%

| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 𝑥 < 9.4.54 |
| eclipse | jetty | 𝑥 < 10.0.18 |
| eclipse | jetty | 𝑥 < 11.0.18 |
| eclipse | jetty | 𝑥 < 12.0.3 |

𝑥 = Vulnerable software versions

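Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| jetty9 | bullseye | | vulnerable |
| jetty9 | bullseye (security) | 9.4.57-0+deb11u2 | fixed |
| jetty9 | bookworm | 9.4.57-0+deb12u1 | fixed |
| jetty9 | bookworm (security) | 9.4.57-0+deb12u1 | fixed |
| jetty9 | sid | 9.4.57-1 | fixed |
| jetty9 | trixie | 9.4.57-1 | fixed |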