7 matches found
Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connection...
jetty: stop accepting new connections from valid clients
A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file...
Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)
Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...
Connection leaking on idle timeout when TCP congested
Impact If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed ...
CVE-2024-22201 Jetty connection leaking on idle timeout when TCP congested
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...
Eclipse Jetty Security Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions prior to 9.4.54, prior to 10.0.20, prior to 11.0.20, and prior to 12.0.6, which stems from a timeout that causes a leak if TCP i...