Denial of Service Vulnerability in Jetty Software by Eclipse
CVE-2024-6762

3.1LOW

Key Information:

Vendor: Eclipse Foundation
Status: Jetty
Vendor: CVE Published:; 14 October 2024

🔔 Create Eclipse Foundation Vulnerability Alert

What is CVE-2024-6762?

The Jetty PushSessionCacheFilter vulnerability allows unauthenticated users to perform remote denial of service attacks by consuming server memory, potentially leading to system instability and downtime. Attackers can exploit this flaw without authentication, which poses a significant risk to the availability of services running on Jetty. Users and administrators are advised to apply relevant patches and monitor their systems for unusual activities.

Affected Version(s)

Jetty 10.0.0 <= 10.0.17

Jetty 11.0.0 <= 11.0.17

Jetty 12.0.0 <= 12.0.3

References

https://github.com/jetty/jetty.project/security/advisorie...

https://gitlab.eclipse.org/security/cve-assignement/-/iss...

https://github.com/jetty/jetty.project/pull/9715

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024

JSON