Denial-of-Service Vulnerability in Jetty's DosFilter
CVE-2024-9823

Currently unrated

Key Information:

Vendor
Eclipse Foundation
Vendor
CVE Published:
14 October 2024

Summary

A security vulnerability has been identified in Jetty's DosFilter that allows unauthorized users to exploit the system and initiate remote denial-of-service (DoS) attacks. Attackers can send a series of specially crafted requests, which can overwhelm the server and lead to OutOfMemory errors. This results in the server exhausting its available memory, potentially leading to a complete service disruption. Administrators are urged to review their configurations and apply necessary mitigations to safeguard against this vulnerability.

References

https://github.com/jetty/jetty.project/security/advisorie...
https://gitlab.eclipse.org/security/cve-assignement/-/iss...
https://github.com/jetty/jetty.project/issues/1256

Timeline

  • Vulnerability published

.
CVE-2024-9823 : Denial-of-Service Vulnerability in Jetty's DosFilter | SecurityVulnerability.io