- CVE ID
- CVE-2024-6762
- CVE Description
- Jetty PushSessionCacheFilter can be exploited by unauthenticated users
to launch remote DoS attacks by exhausting the server’s memory.
- Published
- Oct 16, 2024
- CVSS Score & Severity
6.5Medium
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- EPSS Score
- 0.563%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/eclipse/jetty/ee10/servlets/PushCacheFilter.doFilter(Ljakarta/servlet/ServletRequest;Ljakarta/servlet/ServletResponse;Ljakarta/servlet/FilterChain;)VJVMVulnerable params: 0
org/eclipse/jetty/ee8/servlets/PushCacheFilter.doFilter(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;Ljavax/servlet/FilterChain;)VJVMVulnerable params: 0
org/eclipse/jetty/ee9/servlets/PushCacheFilter.doFilter(Ljakarta/servlet/ServletRequest;Ljakarta/servlet/ServletResponse;Ljakarta/servlet/FilterChain;)VJVMVulnerable params: 0
org/eclipse/jetty/servlets/PushCacheFilter.doFilter(Ljakarta/servlet/ServletRequest;Ljakarta/servlet/ServletResponse;Ljakarta/servlet/FilterChain;)VJVMVulnerable params: 0
org/eclipse/jetty/servlets/PushSessionCacheFilter.doFilter(Ljakarta/servlet/ServletRequest;Ljakarta/servlet/ServletResponse;Ljakarta/servlet/FilterChain;)VJVMVulnerable params: 0
- Source
- National Vulnerability Database