GHSA-p5rr-q5g6-gm42

Source

https://github.com/advisories/GHSA-p5rr-q5g6-gm42

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-p5rr-q5g6-gm42/GHSA-p5rr-q5g6-gm42.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p5rr-q5g6-gm42

Aliases

CVE-2004-2381

Published

2022-04-29T03:01:19Z

Modified

2024-11-28T05:30:07.803612Z

Summary

Jetty HTTP Server Denial of Service vulnerability

Details

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

Database specific

{
    "nvd_published_at": "2004-12-31T05:00:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-09-18T22:57:43Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ]
}

References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name: org.mortbay.jetty:jetty; View open source insights on deps.dev
Purl: pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.19

Affected versions

test-6.*

test-6.0.0rc3

test-6.0.0rc4

test-6.0.0

test-6.0.1

4.*

4.1-rc1

4.1-rc6

4.2.2

4.2.3

4.2.9

4.2.10

4.2.12