Moderate severity · NVD Advisory · Published Oct 14, 2024 · Updated Nov 3, 2025
Jetty DOS vulnerability on DosFilter
CVE-2024-9823
Description
Jetty's DosFilter contains a security vulnerability that unauthorized users can exploit to cause a remote denial-of-service (DoS) attack on a server that uses DosFilter. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and eventually exhaust the server's memory.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty.ee10:jetty-ee10-servlets (Maven) | >= 12.0.0, < 12.0.3 | 12.0.3 |
| org.eclipse.jetty.ee8:jetty-ee8-servlets (Maven) | >= 12.0.0, < 12.0.3 | 12.0.3 |
| org.eclipse.jetty.ee9:jetty-ee9-servlets (Maven) | >= 12.0.0, < 12.0.3 | 12.0.3 |
| org.eclipse.jetty:jetty-servlets (Maven) | >= 9.0.0, < 9.4.54 | 9.4.54 |
| org.eclipse.jetty:jetty-servlets (Maven) | >= 10.0.0, < 10.0.18 | 10.0.18 |
| org.eclipse.jetty:jetty-servlets (Maven) | >= 11.0.0, < 11.0.18 | 11.0.18 |
Affected products
osv-coords (12 versions):
- pkg:apk/chainguard/apache-hop (no CPE), range: < 2.15.0-r2
- pkg:apk/chainguard/apache-hop-fips (no CPE), range: < 2.15.0-r2
- pkg:apk/chainguard/cassandra-reaper (no CPE), range: < 4.0.1-r1
- pkg:apk/chainguard/cassandra-reaper-jre-bcfips (no CPE), range: < 3.7.1-r1
- pkg:apk/chainguard/spark-3.5-scala-2.13 (no CPE), range: < 3.5.7-r2
- pkg:apk/chainguard/spark-fips-3.5-scala-2.13 (no CPE), range: < 3.5.8-r3
- pkg:apk/wolfi/cassandra-reaper (no CPE), range: < 4.0.1-r1
- pkg:apk/wolfi/spark-3.5-scala-2.13 (no CPE), range: < 3.5.7-r2
- pkg:maven/org.eclipse.jetty.ee10/jetty-ee10-servlets (no CPE), range: >= 12.0.0, < 12.0.3
- pkg:maven/org.eclipse.jetty.ee8/jetty-ee8-servlets (no CPE), range: >= 12.0.0, < 12.0.3
- pkg:maven/org.eclipse.jetty.ee9/jetty-ee9-servlets (no CPE), range: >= 12.0.0, < 12.0.3
- pkg:maven/org.eclipse.jetty/jetty-servlets (no CPE), range: >= 9.0.0, < 9.4.54

Eclipse Jetty/Jetty (v5):
- Range: 12.0.0
References
- github.com/advisories/GHSA-j26w-f9rq-mr2q (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-9823 (ghsa, ADVISORY)
- github.com/jetty/jetty.project/issues/1256 (ghsa, WEB)
- github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h (ghsa, WEB)
- gitlab.eclipse.org/security/cve-assignement/-/issues/39 (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2025/04/msg00001.html (ghsa, WEB)
- security.netapp.com/advisory/ntap-20250306-0006 (ghsa, WEB)