Remote Denial-of-Service Vulnerability in Jetty by Eclipse Foundation
CVE-2024-8184

5.9 MEDIUM

Key Information:

Status
Vendor
CVE Published: 14 October 2024

What is CVE-2024-8184?

A security vulnerability exists in the ThreadLimitHandler.getRemote() method of Jetty, enabling unauthorized users to launch a remote denial-of-service (DoS) attack. Attackers can exploit this flaw by sending a series of specially crafted requests, which may lead to OutOfMemory errors, effectively exhausting the server's resources and making the service unavailable. This vulnerability poses a significant risk to the stability and reliability of applications running on affected Jetty versions.

Affected Version(s)

Jetty 9.3.12 to 9.4.55 (inclusive)

Jetty 10.0.0 to 10.0.23 (inclusive)

Jetty 11.0.0 to 11.0.23 (inclusive)
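A small inventory check that encodes the three affected ranges above and tells you whether a given Jetty version string falls inside any of them. This is an added example, not code from the advisory or from the Jetty project; the hostnames and version strings in the sample are constructed, and the optional `.vYYYYMMDD` suffix handling assumes Jetty's usual release-tag layout.

```python
"""Check Jetty version strings against the CVE-2024-8184 affected ranges.

Added example for this advisory; not Jetty or advisory code.
"""
import re
from typing import List, Optional, Tuple

# Affected ranges exactly as listed in the advisory (inclusive at both ends).
AFFECTED_RANGES = [
    ("9.3.12", "9.4.55"),
    ("10.0.0", "10.0.23"),
    ("11.0.0", "11.0.23"),
]

# major.minor.patch, optionally followed by Jetty's ".vYYYYMMDD" release tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.v\d{8})?$")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '10.0.23' or '9.4.55.v20240101' into a comparable int tuple.

    Returns None when the string is not a recognisable Jetty version.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_affected(version: str) -> bool:
    """True if the version sits inside any advisory range (inclusive)."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised Jetty version: {version!r}")
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def affected_hosts(inventory: List[Tuple[str, str]]) -> List[str]:
    """Filter (host, version) pairs down to the hosts that need patching."""
    return [host for host, version in inventory if is_affected(version)]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and build tags are placeholders.
    sample = [("app-01", "9.4.55.v20240101"), ("app-02", "10.0.24"), ("app-03", "11.0.9")]
    print(affected_hosts(sample))  # -> ['app-01', 'app-03']
```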

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published