CVE-2024-9823

EUVD-2024-3062
A security vulnerability in Jetty's DosFilter can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack on a server that uses DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
EPSS Score
Percentile: 71%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 9.0.0 ≤ 𝑥 < 9.4.54 |
| eclipse | jetty | 10.0.0 ≤ 𝑥 < 10.0.18 |
| eclipse | jetty | 11.0.0 ≤ 𝑥 < 11.0.18 |
| eclipse | jetty | 12.0.0 ≤ 𝑥 < 12.0.3 |
| netapp | bootstrap_os | - |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |

𝑥 = Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| eclipse | jetty | 9.0.0 ≤ 𝑥 < 9.4.54 | ADP |
| eclipse | jetty | 10.0.0 ≤ 𝑥 < 10.0.18 | ADP |
| eclipse | jetty | 11.0.0 ≤ 𝑥 < 11.0.18 | ADP |
| eclipse | jetty | 12.0.0 ≤ 𝑥 < 12.0.3 | ADP |
Debian Releases
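| Debian Product | Codename | Version | Status |
|---|---|---|---|
| jetty9 | bookworm | 9.4.57-0+deb12u1 | fixed |
| jetty9 | bookworm (security) | 9.4.57-1.1~deb12u1 | fixed |
| jetty9 | bullseye | | vulnerable |
| jetty9 | bullseye (security) | 9.4.57-0+deb11u3 | fixed |
| jetty9 | forky | 9.4.57-1.1 | fixed |
| jetty9 | sid | 9.4.57-1.1 | fixed |
| jetty9 | trixie | 9.4.57-1.1~deb13u1 | fixed |
| jetty9 | trixie (security) | 9.4.57-1.1~deb13u1 | fixed |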