Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22201

Опубликовано: 26 фев. 2024
Источник: debian
EPSS Низкий

Описание

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jetty9fixed9.4.54-1package

Примечания

  • https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

  • https://github.com/jetty/jetty.project/issues/11256

  • Fixed by: https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b (jetty-9.4.54.v20240208)

EPSS

Процентиль: 53%
0.00301
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-22201

CVSS3: 7.5
ubuntu
больше 1 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

redhat логотип

CVE-2024-22201

CVSS3: 7.5
redhat
больше 1 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

nvd логотип

CVE-2024-22201

CVSS3: 7.5
nvd
больше 1 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

suse-cvrf логотип

SUSE-SU-2024:0817-1

suse-cvrf
больше 1 года назад

Security update for jetty-minimal

redos логотип

ROS-20240422-03

CVSS3: 7.5
redos
около 1 года назад

Уязвимость Jetty

EPSS

Процентиль: 53%
0.00301
Низкий