Low severityNVD Advisory· Published Oct 14, 2024· Updated Nov 3, 2025
Jetty PushSessionCacheFilter can cause remote DoS attacks
CVE-2024-6762
Description
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.eclipse.jetty:jetty-servletsMaven | >= 10.0.0, < 10.0.18 | 10.0.18 |
org.eclipse.jetty:jetty-servletsMaven | >= 11.0.0, < 11.0.18 | 11.0.18 |
org.eclipse.jetty:jetty-servletsMaven | >= 12.0.0, < 12.0.4 | 12.0.4 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- github.com/advisories/GHSA-r7m4-f9h5-gr79ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-6762ghsaADVISORY
- github.com/jetty/jetty.project/pull/10755ghsaWEB
- github.com/jetty/jetty.project/pull/10756ghsaWEB
- github.com/jetty/jetty.project/pull/9715ghsaWEB
- github.com/jetty/jetty.project/pull/9716ghsaWEB
- github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79ghsaWEB
- gitlab.eclipse.org/security/cve-assignement/-/issues/24ghsaWEB
- lists.debian.org/debian-lts-announce/2025/04/msg00001.htmlghsaWEB
News mentions
0No linked articles in our index yet.