Описание
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
A flaw was found in Jetty's ThreadLimitHandler.getRemote(). This flaw allows unauthorized users to cause remote denial of service (DoS) attacks. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
Отчет
This vulnerability is rated as moderate rather than important because it requires specific conditions to be met, including continuous, crafted requests that deliberately target memory allocation to exhaust resources. While it can cause a denial of service, it does not lead to direct compromise of sensitive data, unauthorized access, or code execution.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Serverless | org.eclipse.jetty/jetty-server | Will not fix | ||
| Red Hat AMQ Broker 7 | org.eclipse.jetty/jetty-server | Affected | ||
| Red Hat AMQ Clients | org.eclipse.jetty/jetty-server | Fix deferred | ||
| Red Hat build of Apache Camel - HawtIO 4 | org.eclipse.jetty/jetty-server | Affected | ||
| Red Hat build of Apicurio Registry 2 | org.eclipse.jetty/jetty-server | Not affected | ||
| Red Hat build of Debezium 2 | org.eclipse.jetty/jetty-server | Not affected | ||
| Red Hat Build of Keycloak | org.eclipse.jetty/jetty-server | Will not fix | ||
| Red Hat Data Grid 8 | org.eclipse.jetty/jetty-server | Not affected | ||
| Red Hat Fuse 7 | org.eclipse.jetty/jetty-server | Out of support scope | ||
| Red Hat Integration Camel K 1 | org.eclipse.jetty/jetty-server | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
There exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
EPSS
6.5 Medium
CVSS3