Vulnerability Details CVE-2004-2381
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
- http://secunia.com/advisories/11166/
- http://sourceforge.net/project/shownotes.php?release_id=224743
- http://www.osvdb.org/4387
- http://www.securityfocus.com/bid/9917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15537
- http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
- http://secunia.com/advisories/11166/
- http://sourceforge.net/project/shownotes.php?release_id=224743
- http://www.osvdb.org/4387
- http://www.securityfocus.com/bid/9917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15537
Products affected by CVE-2004-2381
-
cpe:2.3:a:jetty:jetty_http_server:4.0.0
-
cpe:2.3:a:jetty:jetty_http_server:4.0.1
-
cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.0.1_rc2
-
cpe:2.3:a:jetty:jetty_http_server:4.0.2
-
cpe:2.3:a:jetty:jetty_http_server:4.0.3
-
cpe:2.3:a:jetty:jetty_http_server:4.0.4
-
cpe:2.3:a:jetty:jetty_http_server:4.0.5
-
cpe:2.3:a:jetty:jetty_http_server:4.0.6
-
cpe:2.3:a:jetty:jetty_http_server:4.0.b0
-
cpe:2.3:a:jetty:jetty_http_server:4.0.b1
-
cpe:2.3:a:jetty:jetty_http_server:4.0.b2
-
cpe:2.3:a:jetty:jetty_http_server:4.0.d0
-
cpe:2.3:a:jetty:jetty_http_server:4.0.d1
-
cpe:2.3:a:jetty:jetty_http_server:4.0.d2
-
cpe:2.3:a:jetty:jetty_http_server:4.0.d3
-
cpe:2.3:a:jetty:jetty_http_server:4.0.d4
-
cpe:2.3:a:jetty:jetty_http_server:4.0_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.0_rc2
-
cpe:2.3:a:jetty:jetty_http_server:4.0_rc3
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc2
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc3
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc4
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc5
-
cpe:2.3:a:jetty:jetty_http_server:4.1.0_rc6
-
cpe:2.3:a:jetty:jetty_http_server:4.1.1
-
cpe:2.3:a:jetty:jetty_http_server:4.1.2
-
cpe:2.3:a:jetty:jetty_http_server:4.1.3
-
cpe:2.3:a:jetty:jetty_http_server:4.1.4
-
cpe:2.3:a:jetty:jetty_http_server:4.1.b0
-
cpe:2.3:a:jetty:jetty_http_server:4.1.b1
-
cpe:2.3:a:jetty:jetty_http_server:4.1.d0
-
cpe:2.3:a:jetty:jetty_http_server:4.1.d1
-
cpe:2.3:a:jetty:jetty_http_server:4.1.d2
-
cpe:2.3:a:jetty:jetty_http_server:4.2.0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.0_beta0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.0_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.2.1
-
cpe:2.3:a:jetty:jetty_http_server:4.2.10
-
cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.10_pre1
-
cpe:2.3:a:jetty:jetty_http_server:4.2.11
-
cpe:2.3:a:jetty:jetty_http_server:4.2.12
-
cpe:2.3:a:jetty:jetty_http_server:4.2.14
-
cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.14_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.2.15
-
cpe:2.3:a:jetty:jetty_http_server:4.2.15_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.16
-
cpe:2.3:a:jetty:jetty_http_server:4.2.17
-
cpe:2.3:a:jetty:jetty_http_server:4.2.18
-
cpe:2.3:a:jetty:jetty_http_server:4.2.2
-
cpe:2.3:a:jetty:jetty_http_server:4.2.3
-
cpe:2.3:a:jetty:jetty_http_server:4.2.4
-
cpe:2.3:a:jetty:jetty_http_server:4.2.4_rc0
-
cpe:2.3:a:jetty:jetty_http_server:4.2.5
-
cpe:2.3:a:jetty:jetty_http_server:4.2.6
-
cpe:2.3:a:jetty:jetty_http_server:4.2.7
-
cpe:2.3:a:jetty:jetty_http_server:4.2.8_01
-
cpe:2.3:a:jetty:jetty_http_server:4.2.9
-
cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc1
-
cpe:2.3:a:jetty:jetty_http_server:4.2.9_rc2