CVE-2024-9823

EUVD-2024-3062
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
eclipsejetty
9.0.0 ≤
𝑥
< 9.4.54
eclipsejetty
10.0.0 ≤
𝑥
< 10.0.18
eclipsejetty
11.0.0 ≤
𝑥
< 11.0.18
eclipsejetty
12.0.0 ≤
𝑥
< 12.0.3
netappbootstrap_os
-
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
netappactive_iq_unified_manager
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
eclipsejetty
9.0.0 ≤
𝑥
< 9.4.54
ADP
eclipsejetty
10.0.0 ≤
𝑥
< 10.0.18
ADP
eclipsejetty
11.0.0 ≤
𝑥
< 11.0.18
ADP
eclipsejetty
12.0.0 ≤
𝑥
< 12.0.3
ADP
Debian logo
Debian Releases
Debian Product
Codename
jetty9
bookworm
9.4.57-0+deb12u1
fixed
bookworm (security)
9.4.57-1.1~deb12u1
fixed
bullseye
vulnerable
bullseye (security)
9.4.57-0+deb11u3
fixed
forky
9.4.57-1.1
fixed
sid
9.4.57-1.1
fixed
trixie
9.4.57-1.1~deb13u1
fixed
trixie (security)
9.4.57-1.1~deb13u1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
jetty-annotations
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-ant
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-client
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-continuation
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-deploy
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-http
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-io
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jaas
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jaspi
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-javadoc
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jmx
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jndi
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jsp
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-jspc-maven-plugin
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-maven-plugin
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-monitor
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-plus
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-project
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-proxy
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-rewrite
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-runner
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-security
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-server
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-servlet
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-servlets
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-start
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-util
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-util-ajax
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-webapp
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-api
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-client
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-common
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-parent
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-server
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-websocket-servlet
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed
jetty-xml
Amazon Linux 2
0:9.0.3-8.amzn2.0.4
fixed