Moderate severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-2381
CVE-2004-2381
Description
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.mortbay.jetty:jettyMaven | < 4.2.19 | 4.2.19 |
Affected products
67cpe:2.3:a:jetty:jetty_http_server:4.0.0:*:*:*:*:*:*:*+ 66 more
- cpe:2.3:a:jetty:jetty_http_server:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.b0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.b1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.b2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.d0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.d1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.d2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.d3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0.d4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc5:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc6:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.b0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.b1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.d0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.d1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.1.d2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.0_beta0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.15_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.4_rc0:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.8_01:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- secunia.com/advisories/11166/nvdPatchVendor Advisory
- sourceforge.net/project/shownotes.phpnvdPatchWEB
- github.com/advisories/GHSA-p5rr-q5g6-gm42ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2004-2381ghsaADVISORY
- cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.javanvdWEB
- www.osvdb.org/4387nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/15537nvdWEB
- www.securityfocus.com/bid/9917nvd
News mentions
0No linked articles in our index yet.