7.5

CVE-2024-9823

Jetty DOS vulnerability on DosFilter

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EclipseJetty Version >= 9.0.0 < 9.4.54
EclipseJetty Version >= 10.0.0 < 10.0.18
EclipseJetty Version >= 11.0.0 < 11.0.18
EclipseJetty Version >= 12.0.0 < 12.0.3
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappActive Iq Unified Manager Version- SwPlatformlinux
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappActive Iq Unified Manager Version- SwPlatformwindows
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.564
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
emo@eclipse.org 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://github.com/jetty/jetty.project/issues/1256
Issue Tracking
https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
Vendor Advisory
https://gitlab.eclipse.org/security/cve-assignement/-/issues/39
Vendor Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20250306-0006/
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html