- CVE ID
- sonatype-2023-4379
- CWE
- N/A
- CVE Description
- org.eclipse.jetty.http2:jetty-http2-common - Denial of Service (DoS) [CVE-2023-44487]
- Published
- Oct 10, 2023
- CVSS Score & Severity
7.5High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- EPSS Score
- 0%
- KEV Status
Not in KEV Catalog: No known exploits
- Vulnerable Methods
org/eclipse/jetty/http2/internal/parser/ContinuationBodyParser.onHeaders(Ljava/nio/ByteBuffer;)ZJVMVulnerable params: 0
org/eclipse/jetty/http2/internal/parser/ContinuationBodyParser.parse(Ljava/nio/ByteBuffer;)ZJVMVulnerable params: 0
org/eclipse/jetty/http2/parser/ContinuationBodyParser.onHeaders(Ljava/nio/ByteBuffer;)ZJVMVulnerable params: 0
org/eclipse/jetty/http2/parser/ContinuationBodyParser.parse(Ljava/nio/ByteBuffer;)ZJVMVulnerable params: 0
org/eclipse/jetty/http2/parser/HeaderBlockFragments.storeFragment(Ljava/nio/ByteBuffer;IZ)VJVMVulnerable params: 0
org/eclipse/jetty/http2/parser/PushPromiseBodyParser.parse(Ljava/nio/ByteBuffer;)ZJVMVulnerable params: 0
- Source
- Sonatype