CVE-2024-8184

ADVISORY - github

Summary

Impact

Remote DOS attack can cause out of memory

Description

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Affected Versions

Jetty 12.0.0-12.0.8 (Supported)
Jetty 11.0.0-11.0.23 (EOL)
Jetty 10.0.0-10.0.23 (EOL)
Jetty 9.3.12-9.4.55 (EOL)

Patched Versions

Jetty 12.0.9
Jetty 11.0.24
Jetty 10.0.24
Jetty 9.4.56

Workarounds

Do not use ThreadLimitHandler.
Consider use of QoSHandler instead to artificially limit resource utilization.

References

Jetty 12 - https://github.com/jetty/jetty.project/pull/11723

EPSS Score⁠: 0.01487 (0.807)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

CWE-770⁠

Allocation of Resources Without Limits or Throttling

ADVISORY - github

CWE-400⁠

Uncontrolled Resource Consumption

CWE-770⁠

Allocation of Resources Without Limits or Throttling

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-400⁠

Uncontrolled Resource Consumption

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-400⁠

Uncontrolled Resource Consumption

Impacted images

Advisories

NIST

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDCVE-2024-8184⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-770⁠

CVSS SCORE

5.9medium

GitHub

CREATED

1 year ago

UPDATED

3 months ago

ADVISORY IDGHSA-g8m5-722r-8whq⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠CWE-770⁠

CVSS SCORE

5.9medium

Debian

CREATED

1 year ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-8184⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

1 year ago

UPDATED

11 months ago

ADVISORY IDCVE-2024-8184⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium

GitLab

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CVE-2024-8184

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-400⁠CWE-937⁠

CVSS SCORE

5.9medium

Red Hat

CREATED

1 year ago

UPDATED

1 month ago

ADVISORY IDCVE-2024-8184⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-400⁠

CVSS SCORE

6.5medium

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-3v96-9425-c5jg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-45xv-w77x-56w8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

CGA-4x6r-cwfp-wvmh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-56m4-5757-c9j7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-6wch-9rxv-fw5r

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

5 days ago

UPDATED

5 days ago

ADVISORY ID

CGA-8689-qv7w-w4w8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-8cjr-ccm5-q989

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

11 months ago

UPDATED

11 months ago

ADVISORY ID

CGA-8vvp-pq4p-2hc6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-94hw-fpwc-gf4p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-c7jc-pc4g-5wpx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-c8xx-wqr2-vpgm

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-f4m3-6jhg-xc6m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-g4cq-fr4v-r542

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-h6g3-pgx4-5qf9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-hmc6-7f6h-r2jp

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-m9gp-rqph-jfcv

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-p858-c98g-7rp9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-rgmc-7h79-v9m6

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-vp9g-g9wg-4xpq

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY ID

CGA-xj92-8mfm-x22p

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

24 days ago

UPDATED

24 days ago

ADVISORY ID

MINI-2382-3q76-8c86

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY ID

MINI-9g7c-p633-jfpj

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

MINI-hhjc-mhwc-67g4

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY