Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-22201

Опубликовано: 26 фев. 2024
Источник: debian

Описание

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
jetty9fixed9.4.54-1package

Примечания

  • https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98

  • https://github.com/jetty/jetty.project/issues/11256

  • Fixed by: https://github.com/jetty/jetty.project/commit/86586df0a8a4d9c6b5af9a621ad1adf1b494d39b (jetty-9.4.54.v20240208)

Связанные уязвимости

ubuntu логотип

CVE-2024-22201

CVSS3: 7.5
ubuntu
почти 2 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

redhat логотип

CVE-2024-22201

CVSS3: 7.5
redhat
почти 2 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

nvd логотип

CVE-2024-22201

CVSS3: 7.5
nvd
почти 2 года назад

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

suse-cvrf логотип

SUSE-SU-2024:0817-1

suse-cvrf
больше 1 года назад

Security update for jetty-minimal

redos логотип

ROS-20240422-03

CVSS3: 7.5
redos
больше 1 года назад

Уязвимость Jetty