CVE-2024-6762

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-6762

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6762.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-6762

Aliases

GHSA-r7m4-f9h5-gr79

Published

2024-10-14T16:15:03Z

Modified

2024-11-09T06:47:33.074852Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

References

Affected packages

Debian:11 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.4.39-3

9.4.39-3+deb11u1

9.4.39-3+deb11u2

9.4.44-1

9.4.44-2

9.4.44-3

9.4.44-4

9.4.45-1

9.4.46-1

9.4.48-1

9.4.49-1

9.4.49-1.1

9.4.50-1~bpo11+1

9.4.50-1

9.4.50-2

9.4.50-3

9.4.50-4

9.4.50-4+deb11u1

9.4.50-4+deb11u2

9.4.51-1

9.4.51-2

9.4.52-1

9.4.53-1

9.4.54-1

9.4.55-1

9.4.56-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.4.50-4

9.4.50-4+deb12u1

9.4.50-4+deb12u2

9.4.50-4+deb12u3

9.4.51-1

9.4.51-2

9.4.52-1

9.4.53-1

9.4.54-1

9.4.55-1

9.4.56-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / jetty9

Package

Name: jetty9
Purl: pkg:deb/debian/jetty9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.4.50-4

9.4.51-1

9.4.51-2

9.4.52-1

9.4.53-1

9.4.54-1

9.4.55-1

9.4.56-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/eclipse/jetty.project

Affected ranges

Type: GIT
Repo: https://github.com/eclipse/jetty.project
Events: Introduced

b9645a17373e4e9b7f30b6c0a07defcea2cb660b

Fixed

8545fd9bf4cd0d0838f626b405fd4963441546b7

Type: GIT
Repo: https://github.com/jetty/jetty.project
Events: Introduced

432f896d7a4555fcc81f38108757ea0aca8788e6

Fixed

5a9a771a9fbcb9d36993630850f612581b78c13f

Affected versions

jetty-10.*

jetty-10.0.0

jetty-10.0.1

jetty-10.0.13

jetty-10.0.15

jetty-10.0.16

jetty-10.0.17

jetty-10.0.2

jetty-10.0.4

jetty-10.0.5

jetty-10.0.6

jetty-10.0.7

jetty-10.0.8

jetty-11.*

jetty-11.0.0

jetty-11.0.1

jetty-11.0.13

jetty-11.0.15

jetty-11.0.16

jetty-11.0.17

jetty-11.0.2

jetty-11.0.4

jetty-11.0.5

jetty-11.0.6

jetty-11.0.7

jetty-11.0.8

jetty-11.0.9

jetty-9.*

jetty-9.4.36.v20210114

jetty-9.4.37.v20210219