CVE-2024-22201

Date: February 26, 2024

Jetty is a Java-based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Language: Java

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

Upgrade to version org.eclipse.jetty.http2:http2-common:9.4.54, 10.0.20, 11.0.20; org.eclipse.jetty.http2:jetty-http2-common:12.0.6; org.eclipse.jetty.http3:http3-common:10.0.20, 11.0.20; org.eclipse.jetty.http3:jetty-http3-common:12.0.6

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH
