GHSA-p5rr-q5g6-gm42

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-p5rr-q5g6-gm42/GHSA-p5rr-q5g6-gm42.json

Aliases

CVE-2004-2381

Published

2022-04-29T03:01:19Z

Modified

2023-09-18T23:02:34.422726Z

Details

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

References

https://nvd.nist.gov/vuln/detail/CVE-2004-2381
https://exchange.xforce.ibmcloud.com/vulnerabilities/15537
http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
http://sourceforge.net/project/shownotes.php?release_id=224743
http://www.osvdb.org/4387

Affected packages

Maven / org.mortbay.jetty:jetty

Source Details

Package Name: org.mortbay.jetty:jetty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

4.2.19

Affected versions

4.*

4.1-rc1

4.1-rc6

4.2.2

4.2.3

4.2.9

4.2.10

4.2.12

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}