CVE-2024-9823
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
14/10/2024
Last modified:
03/11/2025
Description
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | 9.0.0 (including) | 9.4.54 (excluding) |
| cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | 10.0.0 (including) | 10.0.18 (excluding) |
| cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | 11.0.0 (including) | 11.0.18 (excluding) |
| cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | 12.0.0 (including) | 12.0.3 (excluding) |
| cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/jetty/jetty.project/issues/1256
- https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/39
- https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html
- https://security.netapp.com/advisory/ntap-20250306-0006/