Vulnerability Details CVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users
to launch remote DoS attacks by exhausting the server’s memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v3 Score 3.1
References
- https://github.com/jetty/jetty.project/pull/10755
- https://github.com/jetty/jetty.project/pull/10756
- https://github.com/jetty/jetty.project/pull/9715
- https://github.com/jetty/jetty.project/pull/9716
- https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/24
Products affected by CVE-2024-6762
-
cpe:2.3:a:eclipse:jetty:10.0.0
-
cpe:2.3:a:eclipse:jetty:10.0.1
-
cpe:2.3:a:eclipse:jetty:10.0.10
-
cpe:2.3:a:eclipse:jetty:10.0.11
-
cpe:2.3:a:eclipse:jetty:10.0.12
-
cpe:2.3:a:eclipse:jetty:10.0.13
-
cpe:2.3:a:eclipse:jetty:10.0.14
-
cpe:2.3:a:eclipse:jetty:10.0.15
-
cpe:2.3:a:eclipse:jetty:10.0.16
-
cpe:2.3:a:eclipse:jetty:10.0.17
-
cpe:2.3:a:eclipse:jetty:10.0.2
-
cpe:2.3:a:eclipse:jetty:10.0.3
-
cpe:2.3:a:eclipse:jetty:10.0.4
-
cpe:2.3:a:eclipse:jetty:10.0.5
-
cpe:2.3:a:eclipse:jetty:10.0.6
-
cpe:2.3:a:eclipse:jetty:10.0.7
-
cpe:2.3:a:eclipse:jetty:10.0.8
-
cpe:2.3:a:eclipse:jetty:10.0.9
-
cpe:2.3:a:eclipse:jetty:11.0.0
-
cpe:2.3:a:eclipse:jetty:11.0.1
-
cpe:2.3:a:eclipse:jetty:11.0.10
-
cpe:2.3:a:eclipse:jetty:11.0.11
-
cpe:2.3:a:eclipse:jetty:11.0.12
-
cpe:2.3:a:eclipse:jetty:11.0.13
-
cpe:2.3:a:eclipse:jetty:11.0.14
-
cpe:2.3:a:eclipse:jetty:11.0.15
-
cpe:2.3:a:eclipse:jetty:11.0.16
-
cpe:2.3:a:eclipse:jetty:11.0.17
-
cpe:2.3:a:eclipse:jetty:11.0.2
-
cpe:2.3:a:eclipse:jetty:11.0.3
-
cpe:2.3:a:eclipse:jetty:11.0.4
-
cpe:2.3:a:eclipse:jetty:11.0.5
-
cpe:2.3:a:eclipse:jetty:11.0.6
-
cpe:2.3:a:eclipse:jetty:11.0.7
-
cpe:2.3:a:eclipse:jetty:11.0.8
-
cpe:2.3:a:eclipse:jetty:11.0.9
-
cpe:2.3:a:eclipse:jetty:12.0.0
-
cpe:2.3:a:eclipse:jetty:12.0.1
-
cpe:2.3:a:eclipse:jetty:12.0.2
-
cpe:2.3:a:eclipse:jetty:12.0.3