CVE-2024-22201
- Source
- https://cve.org/CVERecord?id=CVE-2024-22201
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22201.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-22201
- Aliases
- Downstream
- Related
- Published
- 2024-02-26T16:13:33.848Z
- Modified
- 2026-04-10T05:09:06.879625Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Jetty connection leaking on idle timeout when TCP congested
- Details
-
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
- Database specific
{ "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22201.json", "cwe_ids": [ "CWE-400" ] }- References
-
- http://www.openwall.com/lists/oss-security/2024/03/20/2
- https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22201.json
- https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
- https://nvd.nist.gov/vuln/detail/CVE-2024-22201
- https://security.netapp.com/advisory/ntap-20240329-0001/
- https://github.com/jetty/jetty.project/issues/11256
Affected packages
Git / github.com/eclipse/jetty.project
Affected ranges
- Type
- GIT
- Repo
- https://github.com/eclipse/jetty.project
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "9.3.0" }, { "fixed": "9.4.54" }, { "introduced": "10.0.0" }, { "fixed": "10.0.20" }, { "introduced": "11.0.0" }, { "fixed": "11.0.20" }, { "introduced": "12.0.0" }, { "fixed": "12.0.6" }, { "introduced": "0" }, { "last_affected": "10.0" } ] }
Affected versions
jetty-10.*
jetty-10.0.0
jetty-10.0.0.beta1
jetty-10.0.18
jetty-10.0.19
jetty-10.0.2
jetty-10.0.8
jetty-11.*
jetty-11.0.0-alpha0
jetty-11.0.0.beta1
jetty-11.0.0.beta2
jetty-11.0.18
jetty-11.0.19
jetty-11.0.2
jetty-11.0.8
jetty-11.0.9
jetty-12.*
jetty-12.0.0x
jetty-12.0.5
jetty-8.*
jetty-8.0.0.RC0
jetty-8.1.0.RC0
jetty-9.*
jetty-9.1.0.M0
jetty-9.1.0.RC0
jetty-9.1.0.RC1
jetty-9.1.0.RC2
jetty-9.1.0.v20131115
jetty-9.1.1.v20140108
jetty-9.1.2.v20140210
jetty-9.1.3.v20140225
jetty-9.1.4.v20140401
jetty-9.2.0.M0
jetty-9.2.0.M1
jetty-9.2.0.RC0
jetty-9.2.0.v20140523
jetty-9.2.0.v20140526
jetty-9.2.1.v20140609
jetty-9.4.10.v20180503
jetty-9.4.12.v20180830
jetty-9.4.13.v20181111
jetty-9.4.14.v20181114
jetty-9.4.15.v20190215
jetty-9.4.2.v20170220
jetty-9.4.26.v20200117
jetty-9.4.27.v20200227
jetty-9.4.28.v20200408
jetty-9.4.32.v20200930
jetty-9.4.36.v20210114
jetty-9.4.37.v20210219
jetty-9.4.39.v20210325
jetty-9.4.42.v20210604
jetty-9.4.6.v20170531
Git / github.com/jetty/jetty.project
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jetty/jetty.project
- Events
-
IntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "9.3.0" }, { "last_affected": "9.4.53" } ] }
- Type
- GIT
- Repo
- https://github.com/jetty/jetty.project
- Events
-
IntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "10.0.0" }, { "last_affected": "10.0.19" } ] }