Description
A security vulnerability exists in Jetty's DosFilter that unauthorized users can exploit to cause a remote denial-of-service (DoS) attack on a server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.
A flaw was found in Jetty. The DosFilter can be exploited remotely by unauthorized users to trigger an out-of-memory condition by repeatedly sending specially crafted requests. This issue may cause a crash, leading to a denial of service.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Serverless | org.eclipse.jetty/jetty-servlets | Not affected | ||
| Red Hat build of Apicurio Registry 2 | org.eclipse.jetty/jetty-servlets | Not affected | ||
| Red Hat build of Debezium 2 | org.eclipse.jetty/jetty-servlets | Not affected | ||
| Red Hat Build of Keycloak | org.eclipse.jetty/jetty-servlets | Will not fix | ||
| Red Hat Data Grid 8 | org.eclipse.jetty/jetty-servlets | Not affected | ||
| Red Hat Fuse 7 | org.eclipse.jetty/jetty-servlets | Out of support scope | ||
| Red Hat Integration Camel K 1 | org.eclipse.jetty/jetty-servlets | Will not fix | ||
| Red Hat JBoss Data Grid 7 | org.eclipse.jetty/jetty-servlets | Out of support scope | ||
| Red Hat JBoss Enterprise Application Platform 7 | org.eclipse.jetty/jetty-servlets | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 8 | org.eclipse.jetty/jetty-servlets | Not affected | ||
Source links
Additional information
Status:
EPSS
CVSS3: 5.3 Medium
Related vulnerabilities
Eclipse Jetty has a denial of service vulnerability on DosFilter
A vulnerability in the Eclipse Jetty servlet container related to uncontrolled resource consumption, allowing an attacker to cause a denial of service (DoS)