csaf_certbund - WID-SEC-W-2024-3176

WID-SEC-W-2024-3176

Vulnerability from csaf_certbund

Published

2024-10-14 22:00

Modified

2024-12-19 23:00

Summary

Eclipse Jetty: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.

Angriff

Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff zu erzeugen und Daten zu manipulieren.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Eclipse Jetty ist ein Java-HTTP-Server und Java-Servlet-Container.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Eclipse Jetty ausnutzen, um einen Denial of Service Angriff zu erzeugen und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3176 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3176.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3176 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3176"
      },
      {
        "category": "external",
        "summary": "Jetty Advisory vom 2024-10-14",
        "url": "https://www.eclipse.org//lists/jetty-announce/msg00193.html"
      },
      {
        "category": "external",
        "summary": "Jetty Advisory vom 2024-10-14",
        "url": "https://www.eclipse.org//lists/jetty-announce/msg00194.html"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory vom 2024-10-14",
        "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3720-1 vom 2024-10-18",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/O3QVMQNMY7KSISCQZHRID4KVIGDCRX47/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2024:14408-1 vom 2024-10-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/BNU3R7DW4USCKK4UHDLFZ57HXWYZNOCE/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9571 vom 2024-11-13",
        "url": "https://access.redhat.com/errata/RHSA-2024:9571"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7176904 vom 2024-12-06",
        "url": "https://www.ibm.com/support/pages/node/7176904"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:11023 vom 2024-12-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:11023"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2024-2702 vom 2024-12-20",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2702.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Eclipse Jetty: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-19T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-20T09:13:42.053+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2024-3176",
      "initial_release_date": "2024-10-14T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-14T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-10-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-20T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-05T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-12-12T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.0.9",
                "product": {
                  "name": "Eclipse Jetty \u003c12.0.9",
                  "product_id": "T038318"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.9",
                "product": {
                  "name": "Eclipse Jetty 12.0.9",
                  "product_id": "T038318-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:12.0.9"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.24",
                "product": {
                  "name": "Eclipse Jetty \u003c10.0.24",
                  "product_id": "T038319"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.24",
                "product": {
                  "name": "Eclipse Jetty 10.0.24",
                  "product_id": "T038319-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:10.0.24"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.24",
                "product": {
                  "name": "Eclipse Jetty \u003c11.0.24",
                  "product_id": "T038320"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.24",
                "product": {
                  "name": "Eclipse Jetty 11.0.24",
                  "product_id": "T038320-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:11.0.24"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.56",
                "product": {
                  "name": "Eclipse Jetty \u003c9.4.56",
                  "product_id": "T038321"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.56",
                "product": {
                  "name": "Eclipse Jetty 9.4.56",
                  "product_id": "T038321-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:9.4.56"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.3",
                "product": {
                  "name": "Eclipse Jetty \u003c12.0.3",
                  "product_id": "T038322"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.3",
                "product": {
                  "name": "Eclipse Jetty 12.0.3",
                  "product_id": "T038322-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:12.0.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.4.54",
                "product": {
                  "name": "Eclipse Jetty \u003c9.4.54",
                  "product_id": "T038323"
                }
              },
              {
                "category": "product_version",
                "name": "9.4.54",
                "product": {
                  "name": "Eclipse Jetty 9.4.54",
                  "product_id": "T038323-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:9.4.54"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.18",
                "product": {
                  "name": "Eclipse Jetty \u003c10.0.18",
                  "product_id": "T038324"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.18",
                "product": {
                  "name": "Eclipse Jetty 10.0.18",
                  "product_id": "T038324-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:10.0.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c11.0.18",
                "product": {
                  "name": "Eclipse Jetty \u003c11.0.18",
                  "product_id": "T038325"
                }
              },
              {
                "category": "product_version",
                "name": "11.0.18",
                "product": {
                  "name": "Eclipse Jetty 11.0.18",
                  "product_id": "T038325-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:11.0.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.4",
                "product": {
                  "name": "Eclipse Jetty \u003c12.0.4",
                  "product_id": "T038326"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.4",
                "product": {
                  "name": "Eclipse Jetty 12.0.4",
                  "product_id": "T038326-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:12.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.12",
                "product": {
                  "name": "Eclipse Jetty \u003c12.0.12",
                  "product_id": "T038327"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.12",
                "product": {
                  "name": "Eclipse Jetty 12.0.12",
                  "product_id": "T038327-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:eclipse:jetty:12.0.12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jetty"
          }
        ],
        "category": "vendor",
        "name": "Eclipse"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11.7",
                "product": {
                  "name": "IBM InfoSphere Information Server 11.7",
                  "product_id": "444803",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "InfoSphere Information Server"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6762",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Eclipse Jetty. Diese Schwachstelle betrifft den Jetty PushSessionCacheFilter und erm\u00f6glicht eine Speicherersch\u00f6pfung. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "444803",
          "T027843",
          "T038324",
          "T038325",
          "398363",
          "T038326",
          "T038322"
        ]
      },
      "release_date": "2024-10-14T22:00:00.000+00:00",
      "title": "CVE-2024-6762"
    },
    {
      "cve": "CVE-2024-6763",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Eclipse Jetty. Dieser Fehler besteht in der HttpURI-Klasse, wenn sie als Dienstprogrammklasse in einer Anwendung verwendet wird, da das Autorit\u00e4tssegment eines URIs nicht ausreichend validiert wird, wodurch Open-Redirect- oder Server-Side-Request- Forgery-Angriffe m\u00f6glich sind. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen b\u00f6sartigen URI zu erstellen, der das Verhalten des Servers manipulieren kann."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T038318",
          "444803",
          "T027843",
          "398363",
          "T038326",
          "T038327",
          "T038322"
        ]
      },
      "release_date": "2024-10-14T22:00:00.000+00:00",
      "title": "CVE-2024-6763"
    },
    {
      "cve": "CVE-2024-8184",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Eclipse Jetty. Diese Schwachstelle betrifft die Funktion Jetty ThreadLimitHandler.getRemote aufgrund einer unsachgem\u00e4\u00dfen Handhabung der Ressourcenverwaltung, die zu einem Out-of-Memory-Fehler f\u00fchren kann. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er zahlreiche b\u00f6sartige Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T038318",
          "T038319",
          "T038324",
          "T038325",
          "T038326",
          "T038320",
          "T038321",
          "T038322",
          "T038323",
          "T002207",
          "444803",
          "T027843",
          "398363"
        ]
      },
      "release_date": "2024-10-14T22:00:00.000+00:00",
      "title": "CVE-2024-8184"
    },
    {
      "cve": "CVE-2024-9823",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in Eclipse Jetty. Dieser Fehler betrifft den DoSFilter aufgrund einer unsachgem\u00e4\u00dfen internen Anforderungsverfolgung, die eine Auslastung des Speichers erm\u00f6glicht. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, indem er manipulierte Anfragen sendet."
        }
      ],
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "444803",
          "T027843",
          "T038324",
          "T038325",
          "398363",
          "T038322",
          "T038323"
        ]
      },
      "release_date": "2024-10-14T22:00:00.000+00:00",
      "title": "CVE-2024-9823"
    }
  ]
}

cve-2024-6762

Vulnerability from cvelistv5

Published

2024-10-14 15:07

Modified

2024-10-15 17:42

Severity ?

3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Summary

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

References

▼	URL	Tags
	https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
	https://gitlab.eclipse.org/security/cve-assignement/-/issues/24
	https://github.com/jetty/jetty.project/pull/9715
	https://github.com/jetty/jetty.project/pull/9716
	https://github.com/jetty/jetty.project/pull/10756
	https://github.com/jetty/jetty.project/pull/10755

Impacted products

	Vendor	Product	Version
	Eclipse Foundation	Jetty	Version: 10.0.0 ≤ 10.0.17 Version: 11.0.0 ≤ 11.0.17 Version: 12.0.0 ≤ 12.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6762",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:42:42.629742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:42:50.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-servlets"
          ],
          "packageName": "org.eclipse.jetty:jetty-servlets",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "10.0.17",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.0.17",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.0.3",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lian Kee"
        }
      ],
      "datePublic": "2024-10-14T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eJetty PushSessionCacheFilter can be exploited by unauthenticated users \nto launch remote DoS attacks by exhausting the server\u2019s memory.\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "Jetty PushSessionCacheFilter can be exploited by unauthenticated users \nto launch remote DoS attacks by exhausting the server\u2019s memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T15:07:10.942Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/24"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/9715"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/9716"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/10756"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/10755"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetty  PushSessionCacheFilter can cause remote DoS attacks",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe session usage is intrinsic to the design of the PushCacheFilter.  The issue can be avoided by:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003enot using the PushCacheFilter.  Push has been deprecated by the \nvarious IETF specs and early hints responses should be used instead.\u003c/li\u003e\n\u003cli\u003ereducing the reducing the idle timeout on unauthenticated sessions will reduce the time such session stay in memory.\u003c/li\u003e\n\u003cli\u003econfiguring a session cache to use \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://jetty.org/docs/jetty/12/programming-guide/server/session.html\"\u003esession passivation\u003c/a\u003e,\n so that sessions are not stored in memory, but rather in a database or \nfile system that may have significantly more capacity than memory.\u003c/li\u003e\n\u003c/ul\u003e"
            }
          ],
          "value": "The session usage is intrinsic to the design of the PushCacheFilter.  The issue can be avoided by:\n\n\n\n  *  not using the PushCacheFilter.  Push has been deprecated by the \nvarious IETF specs and early hints responses should be used instead.\n\n  *  reducing the reducing the idle timeout on unauthenticated sessions will reduce the time such session stay in memory.\n\n  *  configuring a session cache to use  session passivation https://jetty.org/docs/jetty/12/programming-guide/server/session.html ,\n so that sessions are not stored in memory, but rather in a database or \nfile system that may have significantly more capacity than memory."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-6762",
    "datePublished": "2024-10-14T15:07:10.942Z",
    "dateReserved": "2024-07-15T17:35:50.791Z",
    "dateUpdated": "2024-10-15T17:42:50.434Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9823

Vulnerability from cvelistv5

Published

2024-10-14 15:03

Modified

2024-10-15 17:49

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.

References

▼	URL	Tags
	https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
	https://gitlab.eclipse.org/security/cve-assignement/-/issues/39
	https://github.com/jetty/jetty.project/issues/1256

Impacted products

Vendor

Product

Version

▼

Eclipse Foundation

Jetty

Version: 9.0.0
Version: 10.0.0
Version: 11.0.0 ≤

Eclipse Jetty	Jetty	Version: 12.0.0
Eclipse Jetty	Jetty	Version: 12.0.0 ≤
Eclipse Jetty	Jetty	Version: 12.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jetty",
            "vendor": "eclipse",
            "versions": [
              {
                "lessThan": "9.4.54",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "10.0.18",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.0.18",
                "status": "affected",
                "version": "11.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9823",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:46:11.062398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:49:38.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-servlets"
          ],
          "packageName": "org.eclipse.jetty:jetty-servlets",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "9.4.54",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semvar"
            },
            {
              "lessThan": "10.0.18",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semvar"
            },
            {
              "lessThan": "11.0.18",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-ee8-servlets"
          ],
          "packageName": "org.eclipse.jetty.ee8:jetty-ee8-servlets",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Jetty",
          "versions": [
            {
              "lessThan": "12.0.3",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semvar"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-ee9-servlets"
          ],
          "packageName": "org.eclipse.jetty.ee8:jetty-ee9-servlets",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Jetty",
          "versions": [
            {
              "lessThan": "12.0.3",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-ee10-servlets"
          ],
          "packageName": "org.eclipse.jetty.ee8:jetty-ee10-servlets",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Jetty",
          "versions": [
            {
              "lessThan": "12.0.3",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semvar"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lian Kee"
        }
      ],
      "datePublic": "2024-10-14T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There exists a security vulnerability in Jetty\u0027s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server\u0027s memory finally.\u003cbr\u003e"
            }
          ],
          "value": "There exists a security vulnerability in Jetty\u0027s DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server\u0027s memory finally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T15:29:14.390Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39"
        },
        {
          "url": "https://github.com/jetty/jetty.project/issues/1256"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetty DOS vulnerability on DosFilter",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \u003ccode\u003eDoSFilter\u003c/code\u003e can be configured to not use sessions for tracking usage by setting the \u003ccode\u003etrackSessions\u003c/code\u003e init parameter to \u003ccode\u003efalse\u003c/code\u003e.  This will then use only the IP tracking mechanism, which is not vulnerable.\u003cbr\u003e\nSessions can also be configured to have aggressive passivation or inactivation limits.\u003cbr\u003e"
            }
          ],
          "value": "The DoSFilter can be configured to not use sessions for tracking usage by setting the trackSessions init parameter to false.  This will then use only the IP tracking mechanism, which is not vulnerable.\n\nSessions can also be configured to have aggressive passivation or inactivation limits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-9823",
    "datePublished": "2024-10-14T15:03:02.293Z",
    "dateReserved": "2024-10-10T15:56:32.744Z",
    "dateUpdated": "2024-10-15T17:49:38.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-6763

Vulnerability from cvelistv5

Published

2024-10-14 15:06

Modified

2024-10-15 17:45

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Summary

Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RRC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to a open redirect attack or to a SSRF attack if the URI is used after passing validation checks.

References

▼	URL	Tags
	https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
	https://gitlab.eclipse.org/security/cve-assignement/-/issues/25
	https://github.com/jetty/jetty.project/pull/12012

Impacted products

	Vendor	Product	Version
	Eclipse Foundation	Jetty	Version: 7.0.0 ≤ 12.0.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jetty",
            "vendor": "eclipse",
            "versions": [
              {
                "lessThanOrEqual": "12.0.11",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6763",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:44:14.448650Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:45:35.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-http"
          ],
          "packageName": "org.eclipse.jetty:jetty-http",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "12.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/zer0yu"
        }
      ],
      "datePublic": "2024-10-14T15:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eEclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, \u003ccode\u003eHttpURI\u003c/code\u003e, for URI/URL parsing.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003eHttpURI\u003c/code\u003e class does insufficient validation on the authority segment of a URI.  However the behaviour of \u003ccode\u003eHttpURI\u003c/code\u003e\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically \u003ccode\u003eHttpURI\u003c/code\u003e\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks.\u003c/p\u003e"
            }
          ],
          "value": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI.  However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC.  Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T15:30:38.815Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/12012"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetty URI parsing of invalid authority",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe attacks outlined above rely on decoded user data being passed to the \u003ccode\u003eHttpURI\u003c/code\u003e class. Application should not pass decoded user data as an encoded URI to any URI class/method, including \u003ccode\u003eHttpURI\u003c/code\u003e.  Such applications are likely to be vulnerable in other ways.\u003cbr\u003e\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority.  Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4\"\u003eRFC9110 Section 4.2.4\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser).\u003c/p\u003e"
            }
          ],
          "value": "The attacks outlined above rely on decoded user data being passed to the HttpURI class. Application should not pass decoded user data as an encoded URI to any URI class/method, including HttpURI.  Such applications are likely to be vulnerable in other ways.\n\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority.  Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per  RFC9110 Section 4.2.4 https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4 .\n\n\nNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-6763",
    "datePublished": "2024-10-14T15:06:07.298Z",
    "dateReserved": "2024-07-15T17:37:53.605Z",
    "dateUpdated": "2024-10-15T17:45:35.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8184

Vulnerability from cvelistv5

Published

2024-10-14 15:09

Modified

2024-10-15 17:42

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

References

▼	URL	Tags
	https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
	https://gitlab.eclipse.org/security/cve-assignement/-/issues/30
	https://github.com/jetty/jetty.project/pull/11723

Impacted products

	Vendor	Product	Version
	Eclipse Foundation	Jetty	Version: 9.3.12 ≤ 9.4.55 Version: 10.0.0 ≤ 10.0.23 Version: 11.0.0 ≤ 11.0.23 Version: 12.0.0 ≤ 12.0.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8184",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:41:50.744158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:42:01.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "defaultStatus": "unaffected",
          "modules": [
            "jetty-server"
          ],
          "packageName": "org.eclipse.jetty:jetty-server",
          "product": "Jetty",
          "repo": "https://github.com/jetty/jetty.project",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.4.55",
              "status": "affected",
              "version": "9.3.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.23",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "11.0.23",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.0.8",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/HRsGIT"
        }
      ],
      "datePublic": "2024-10-14T03:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There exists a security vulnerability in Jetty\u0027s \u003ccode\u003eThreadLimitHandler.getRemote()\u003c/code\u003e which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server\u0027s memory.\u003cbr\u003e"
            }
          ],
          "value": "There exists a security vulnerability in Jetty\u0027s ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server\u0027s memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T15:30:02.698Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq"
        },
        {
          "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30"
        },
        {
          "url": "https://github.com/jetty/jetty.project/pull/11723"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Do not use \u003ccode\u003eThreadLimitHandler\u003c/code\u003e.\u003cbr\u003e\nConsider use of \u003ccode\u003eQoSHandler\u003c/code\u003e instead to artificially limit resource utilization.\u003cbr\u003e"
            }
          ],
          "value": "Do not use ThreadLimitHandler.\n\nConsider use of QoSHandler instead to artificially limit resource utilization."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2024-8184",
    "datePublished": "2024-10-14T15:09:37.861Z",
    "dateReserved": "2024-08-26T15:58:44.006Z",
    "dateUpdated": "2024-10-15T17:42:01.168Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

WID-SEC-W-2024-3176

Vulnerability from csaf_certbund

cve-2024-6762

Vulnerability from cvelistv5

cve-2024-9823

Vulnerability from cvelistv5

cve-2024-6763

Vulnerability from cvelistv5

cve-2024-8184

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature