Buffer Leak Vulnerability in Eclipse Jetty
CVE-2024-7708
7.5HIGH
What is CVE-2024-7708?
A buffer leak vulnerability exists in Eclipse Jetty for requests containing a body where reading the body can result in the exposure of zero bytes. This situation often arises during interactions with slow network conditions or specific request types like 100-Continue. The vulnerability can lead to potential information exposure and could be exploited in specific network scenarios, necessitating immediate attention to applicable security updates and best practices.
Affected Version(s)
Eclipse Jetty 10.0.7 < 10.0.23
Eclipse Jetty 11.0.7 < 11.0.23
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
https://github.com/kimmerin
https://github.com/pmneo
