Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/jetty9@9.4.54-1?distro=trixie
Typedeb
Namespacedebian
Namejetty9
Version9.4.54-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version9.4.56-1
Latest_non_vulnerable_version9.4.58-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1ejr-3tea-kydr
vulnerability_id VCID-1ejr-3tea-kydr
summary 
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
### Impact
 Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.

### Patches
* https://github.com/jetty/jetty.project/pull/9715
* https://github.com/jetty/jetty.project/pull/9716

### Workarounds
The session usage is intrinsic to the design of the PushCacheFilter.  The issue can be avoided by:
 + not using the PushCacheFilter.  Push has been deprecated by the various IETF specs and early hints responses should be used instead.
 + reducing the reducing the idle timeout on unauthenticated sessions will reduce the time such session stay in memory.
 + configuring a session cache to use [session passivation](https://jetty.org/docs/jetty/12/programming-guide/server/session.html), so that sessions are not stored in memory, but rather in a database or file system that may have significantly more capacity than memory.

### References
* https://github.com/jetty/jetty.project/pull/10756
* https://github.com/jetty/jetty.project/pull/10755
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6762.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6762
reference_id
reference_type
scores
0
value 0.00563
scoring_system epss
scoring_elements 0.684
published_at 2026-04-21T12:55:00Z
1
value 0.00563
scoring_system epss
scoring_elements 0.68423
published_at 2026-04-18T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.68409
published_at 2026-04-16T12:55:00Z
3
value 0.00563
scoring_system epss
scoring_elements 0.68371
published_at 2026-04-13T12:55:00Z
4
value 0.00563
scoring_system epss
scoring_elements 0.68404
published_at 2026-04-12T12:55:00Z
5
value 0.00563
scoring_system epss
scoring_elements 0.68416
published_at 2026-04-11T12:55:00Z
6
value 0.00563
scoring_system epss
scoring_elements 0.68389
published_at 2026-04-09T12:55:00Z
7
value 0.00563
scoring_system epss
scoring_elements 0.68372
published_at 2026-04-08T12:55:00Z
8
value 0.00563
scoring_system epss
scoring_elements 0.68321
published_at 2026-04-07T12:55:00Z
9
value 0.00563
scoring_system epss
scoring_elements 0.68345
published_at 2026-04-04T12:55:00Z
10
value 0.00563
scoring_system epss
scoring_elements 0.68325
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6762
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6762
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6762
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/pull/10755
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://github.com/jetty/jetty.project/pull/10755
6
reference_url https://github.com/jetty/jetty.project/pull/10756
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://github.com/jetty/jetty.project/pull/10756
7
reference_url https://github.com/jetty/jetty.project/pull/9715
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://github.com/jetty/jetty.project/pull/9715
8
reference_url https://github.com/jetty/jetty.project/pull/9716
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://github.com/jetty/jetty.project/pull/9716
9
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
10
reference_url https://gitlab.eclipse.org/security/cve-assignement/-/issues/24
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:42:42Z/
url https://gitlab.eclipse.org/security/cve-assignement/-/issues/24
11
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-6762
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-6762
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085697
reference_id 1085697
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085697
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318562
reference_id 2318562
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318562
15
reference_url https://github.com/advisories/GHSA-r7m4-f9h5-gr79
reference_id GHSA-r7m4-f9h5-gr79
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7m4-f9h5-gr79
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.54-1%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.57-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-0%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-0%252Bdeb11u1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2024-6762, GHSA-r7m4-f9h5-gr79
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ejr-3tea-kydr
1
url VCID-5qhm-ase5-5qhy
vulnerability_id VCID-5qhm-ase5-5qhy
summary 
Connection leaking on idle timeout when TCP congested
### Impact
If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written.
However it is not written because the connection is TCP congested.
When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection.

This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle.

An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.

The client may also be impacted (if the server does not read causing a TCP congestion), but the issue is more severe for servers.

### Patches
Patched versions:
* 9.4.54
* 10.0.20
* 11.0.20
* 12.0.6

### Workarounds
Disable HTTP/2 and HTTP/3 support until you can upgrade to a patched version of Jetty.
HTTP/1.x is not affected.

### References
* https://github.com/jetty/jetty.project/issues/11256.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-22201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22201
reference_id
reference_type
scores
0
value 0.00559
scoring_system epss
scoring_elements 0.68263
published_at 2026-04-21T12:55:00Z
1
value 0.00559
scoring_system epss
scoring_elements 0.68283
published_at 2026-04-18T12:55:00Z
2
value 0.00559
scoring_system epss
scoring_elements 0.68272
published_at 2026-04-16T12:55:00Z
3
value 0.00559
scoring_system epss
scoring_elements 0.68232
published_at 2026-04-13T12:55:00Z
4
value 0.00559
scoring_system epss
scoring_elements 0.68265
published_at 2026-04-12T12:55:00Z
5
value 0.00559
scoring_system epss
scoring_elements 0.68278
published_at 2026-04-11T12:55:00Z
6
value 0.00559
scoring_system epss
scoring_elements 0.68238
published_at 2026-04-08T12:55:00Z
7
value 0.00559
scoring_system epss
scoring_elements 0.68253
published_at 2026-04-09T12:55:00Z
8
value 0.00559
scoring_system epss
scoring_elements 0.68192
published_at 2026-04-02T12:55:00Z
9
value 0.00559
scoring_system epss
scoring_elements 0.6821
published_at 2026-04-04T12:55:00Z
10
value 0.00559
scoring_system epss
scoring_elements 0.68187
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22201
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/commit/0839a208cdc3fcfe25206a77af59ba9fda260188
6
reference_url https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/commit/b953871c9a5ff4fbca4a2499848f75182dbd9810
7
reference_url https://github.com/jetty/jetty.project/issues/11256
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://github.com/jetty/jetty.project/issues/11256
8
reference_url https://github.com/jetty/jetty.project/issues/11259
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project/issues/11259
9
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
10
reference_url https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22201
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22201
12
reference_url https://security.netapp.com/advisory/ntap-20240329-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240329-0001
13
reference_url http://www.openwall.com/lists/oss-security/2024/03/20/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url http://www.openwall.com/lists/oss-security/2024/03/20/2
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923
reference_id 1064923
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064923
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266136
reference_id 2266136
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266136
16
reference_url https://github.com/advisories/GHSA-rggv-cv7r-mw98
reference_id GHSA-rggv-cv7r-mw98
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rggv-cv7r-mw98
17
reference_url https://security.netapp.com/advisory/ntap-20240329-0001/
reference_id ntap-20240329-0001
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-01T18:49:17Z/
url https://security.netapp.com/advisory/ntap-20240329-0001/
18
reference_url https://access.redhat.com/errata/RHSA-2024:3634
reference_id RHSA-2024:3634
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3634
19
reference_url https://access.redhat.com/errata/RHSA-2024:3635
reference_id RHSA-2024:3635
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3635
20
reference_url https://access.redhat.com/errata/RHSA-2024:3636
reference_id RHSA-2024:3636
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3636
21
reference_url https://access.redhat.com/errata/RHSA-2024:4597
reference_id RHSA-2024:4597
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4597
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb12u3%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.54-1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2024-22201, GHSA-rggv-cv7r-mw98
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhm-ase5-5qhy
2
url VCID-memq-11qz-9qem
vulnerability_id VCID-memq-11qz-9qem
summary 
Eclipse Jetty has a denial of service vulnerability on DosFilter
Description
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.


Vulnerability details
The Jetty DoSFilter (Denial of Service Filter) is a security filter designed to protect web applications against certain types of Denial of Service (DoS) attacks and other abusive behavior. It helps to mitigate excessive resource consumption by limiting the rate at which clients can make requests to the server.  The DoSFilter monitors and tracks client request patterns, including request rates, and can take actions such as blocking or delaying requests from clients that exceed predefined thresholds.  The internal tracking of requests in DoSFilter is the source of this OutOfMemory condition.


Impact
Users of the DoSFilter may be subject to DoS attacks that will ultimately exhaust the memory of the server if they have not configured session passivation or an aggressive session inactivation timeout.


Patches
The DoSFilter has been patched in all active releases to no longer support the session tracking mode, even if configured.


Patched releases:

  *  9.4.54
  *  10.0.18
  *  11.0.18
  *  12.0.3
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9823.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9823.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-9823
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71604
published_at 2026-04-21T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.71623
published_at 2026-04-18T12:55:00Z
2
value 0.0068
scoring_system epss
scoring_elements 0.71618
published_at 2026-04-16T12:55:00Z
3
value 0.0068
scoring_system epss
scoring_elements 0.71592
published_at 2026-04-12T12:55:00Z
4
value 0.0068
scoring_system epss
scoring_elements 0.71608
published_at 2026-04-11T12:55:00Z
5
value 0.0068
scoring_system epss
scoring_elements 0.71585
published_at 2026-04-09T12:55:00Z
6
value 0.0068
scoring_system epss
scoring_elements 0.71574
published_at 2026-04-13T12:55:00Z
7
value 0.0068
scoring_system epss
scoring_elements 0.71534
published_at 2026-04-07T12:55:00Z
8
value 0.0068
scoring_system epss
scoring_elements 0.71561
published_at 2026-04-04T12:55:00Z
9
value 0.0068
scoring_system epss
scoring_elements 0.71543
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-9823
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9823
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9823
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/jetty/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/jetty/jetty.project
5
reference_url https://github.com/jetty/jetty.project/issues/1256
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:46:11Z/
url https://github.com/jetty/jetty.project/issues/1256
6
reference_url https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:46:11Z/
url https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h
7
reference_url https://gitlab.eclipse.org/security/cve-assignement/-/issues/39
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:46:11Z/
url https://gitlab.eclipse.org/security/cve-assignement/-/issues/39
8
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-9823
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-9823
10
reference_url https://security.netapp.com/advisory/ntap-20250306-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0006
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2318565
reference_id 2318565
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2318565
12
reference_url https://github.com/advisories/GHSA-j26w-f9rq-mr2q
reference_id GHSA-j26w-f9rq-mr2q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j26w-f9rq-mr2q
fixed_packages
0
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.54-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.54-1%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.57-0%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-0%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-0%252Bdeb11u1%3Fdistro=trixie
3
url pkg:deb/debian/jetty9@9.4.57-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-0%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
aliases CVE-2024-9823, GHSA-j26w-f9rq-mr2q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-memq-11qz-9qem
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.54-1%3Fdistro=trixie