Description

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.

Related CPE's

a

eclipse

jetty

4

o

netapp

bootstrap_os

-

Vulnerable

h

netapp

hci_compute_node

-

a

netapp

active_iq_unified_manager

3

References

https://github.com/jetty/jetty.project/issues/1256

Issue Tracking

https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h

Vendor Advisory

https://gitlab.eclipse.org/security/cve-assignement/-/issues/39

Issue TrackingVendor Advisory

https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html

https://security.netapp.com/advisory/ntap-20250306-0006/

Third Party Advisory

Weaknesses

[email protected]

Secondary
CWE-400

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-10-14T13:15:14.560Z

1 year ago

Last modified

2025-11-03T19:17:05.567Z

4 months ago