Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22201

Опубликовано: 26 фев. 2024
Источник: debian
EPSS Низкий

Описание

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jetty9fixed9.4.54-1package

Примечания

  • https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

  • https://github.com/jetty/jetty.project/issues/11256

  • Fixed by: https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b (jetty-9.4.54.v20240208)

EPSS

Процентиль: 68%
0.00559
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-22201

CVSS3: 7.5
ubuntu
около 2 лет назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

redhat логотип

CVE-2024-22201

CVSS3: 7.5
redhat
около 2 лет назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

nvd логотип

CVE-2024-22201

CVSS3: 7.5
nvd
около 2 лет назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

suse-cvrf логотип

SUSE-SU-2024:0817-1

suse-cvrf
около 2 лет назад

Security update for jetty-minimal

github логотип

GHSA-rggv-cv7r-mw98

CVSS3: 7.5
github
около 2 лет назад

Connection leaking on idle timeout when TCP congested

EPSS

Процентиль: 68%
0.00559
Низкий