Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/05 6:5 p.m.23 views

Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data

Summary Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connection...

7.5CVSS7.3AI score0.01433EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/07/17 6:49 p.m.7 views

jetty: stop accepting new connections from valid clients

A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...

7.5CVSS7AI score0.01433EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/27 12:28 a.m.39 views

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...

7.5CVSS7.4AI score0.01433EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/26 8:13 p.m.46 views

Connection leaking on idle timeout when TCP congested

Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed ...

7.5CVSS7.3AI score0.01433EPSS
Exploits0References10Affected Software4
Vulnrichment
Vulnrichment
added 2024/02/26 4:13 p.m.37 views

CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

7.5CVSS7AI score0.01433EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/02/26 4:13 p.m.26 views

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...

7.5CVSS6.9AI score0.01433EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.3 views

Eclipse Jetty Security Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions prior to 9.4.54, prior to 10.0.20, prior to 11.0.20, and prior to 12.0.6, which stems from a timeout that causes a leak if TCP i...

7.5CVSS8.8AI score0.01433EPSS
Exploits0References12
Rows per page
Query Builder