CVE-2024-8184

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*

History

08 Nov 2024, 21:00

Type Values Removed Values Added
CPE cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
First Time Eclipse jetty
Eclipse
References () https://github.com/jetty/jetty.project/pull/11723 - () https://github.com/jetty/jetty.project/pull/11723 - Patch
References () https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq - () https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq - Vendor Advisory
References () https://gitlab.eclipse.org/security/cve-assignement/-/issues/30 - () https://gitlab.eclipse.org/security/cve-assignement/-/issues/30 - Vendor Advisory
CVSS v2 : unknown
v3 : 5.9
v2 : unknown
v3 : 6.5
CWE CWE-770

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de seguridad en ThreadLimitHandler.getRemote() de Jetty que puede ser explotada por usuarios no autorizados para provocar un ataque de denegación de servicio (DoS) remoto. Al enviar repetidamente solicitudes manipuladas, los atacantes pueden generar errores OutofMemory y agotar la memoria del servidor.

14 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-14 16:15

Updated : 2024-11-08 21:00


NVD link : CVE-2024-8184

Mitre link : CVE-2024-8184

CVE.ORG link : CVE-2024-8184


JSON object : View

Products Affected

eclipse

  • jetty
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-400

Uncontrolled Resource Consumption