Published: 26/02/2024 Updated: 01/05/2024

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Debian Bug report logs - #1064923 jetty9: CVE-2024-22201 Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Feb 2024 19:21:02 UTC Severity: important Tags: security, upstream Fou ...

oss-sec mailing list archives   By Date By Thread </form>    Vulnerability in Jenkins   From: Daniel Beck <ml () beckweb net> D ...

https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 https://github.com/jetty/jetty.project/issues/11256 https://security.netapp.com/advisory/ntap-20240329-0001/https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html http://www.openwall.com/lists/oss-security/2024/03/20/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-22201

Vulnerability Summary

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect