- CVE ID
- CVE-2024-9823
- CVE Description
- There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.
- Published
- Oct 15, 2024
- CVSS Score & Severity
7.5High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- EPSS Score
- 0.680%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/eclipse/jetty/ee10/servlets/DoSFilter.getRateTracker(Ljakarta/servlet/ServletRequest;)Lorg/eclipse/jetty/ee10/servlets/DoSFilter$RateTracker;JVMVulnerable params: 0
org/eclipse/jetty/ee8/servlets/DoSFilter.getRateTracker(Ljavax/servlet/ServletRequest;)Lorg/eclipse/jetty/ee8/servlets/DoSFilter$RateTracker;JVMVulnerable params: 0
org/eclipse/jetty/ee9/servlets/DoSFilter.getRateTracker(Ljakarta/servlet/ServletRequest;)Lorg/eclipse/jetty/ee9/servlets/DoSFilter$RateTracker;JVMVulnerable params: 0
org/eclipse/jetty/servlets/DoSFilter.getRateTracker(Ljavax/servlet/ServletRequest;)Lorg/eclipse/jetty/servlets/DoSFilter$RateTracker;JVMVulnerable params: 0
- Source
- National Vulnerability Database