Site icon API Security Blog

Medium: jetty

image
Issue Overview: There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. (CVE-2024-9823) Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update jetty to update your system. New Packages: noarch:     jetty-project-9.0.3-8.amzn2.0.4.noarch     jetty-annotations-9.0.3-8.amzn2.0.4.noarch     jetty-ant-9.0.3-8.amzn2.0.4.noarch     jetty-client-9.0.3-8.amzn2.0.4.noarch     jetty-continuation-9.0.3-8.amzn2.0.4.noarch     jetty-deploy-9.0.3-8.amzn2.0.4.noarch     jetty-http-9.0.3-8.amzn2.0.4.noarch     jetty-io-9.0.3-8.amzn2.0.4.noarch     jetty-jaas-9.0.3-8.amzn2.0.4.noarch     jetty-jaspi-9.0.3-8.amzn2.0.4.noarch     jetty-jmx-9.0.3-8.amzn2.0.4.noarch     jetty-jndi-9.0.3-8.amzn2.0.4.noarch     jetty-jsp-9.0.3-8.amzn2.0.4.noarch     jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.4.noarch     jetty-maven-plugin-9.0.3-8.amzn2.0.4.noarch     jetty-monitor-9.0.3-8.amzn2.0.4.noarch     jetty-plus-9.0.3-8.amzn2.0.4.noarch     jetty-proxy-9.0.3-8.amzn2.0.4.noarch     jetty-rewrite-9.0.3-8.amzn2.0.4.noarch    …Read More

Exit mobile version