Veracode Vulnerability Database, VERACODE:40230
Apr 20, 2023 - 2:24 p.m.

Denial of Service (DoS)

sca.analysiscenter.veracode.com
org.eclipse.jetty
multipart file upload
httpservletrequest.getparameter
httpservletrequest.getparts
@multipartconfig
outofmemoryerror

EPSS: 0.002 (percentile: 61.3%)

org.eclipse.jetty: jetty-server is vulnerable to Denial of Service. The vulnerability exists due to a lack of multipart file upload sanitization that affects calls to HttpServletRequest.getParameter() or HttpServletRequest.getParts() in servlets annotated with @MultipartConfig. An attacker can submit a multipart request whose parts lack a filename and carry a very large content size. Processing such a request can throw an OutOfMemoryError, resulting in a Denial of Service.
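
A servlet that bounds multipart input, as an added example that is not part of the advisory or of Jetty's code. The class name, URL pattern, size limits and the `javax.servlet` namespace are assumptions, and the limits are general Servlet API hardening, not a fix stated on this page.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.Part;

// Hypothetical servlet: name, URL pattern and limits are illustrative assumptions.
@WebServlet("/upload")
@MultipartConfig(
    maxFileSize = 5L * 1024 * 1024,      // maximum size allowed for an uploaded file
    maxRequestSize = 10L * 1024 * 1024,  // maximum size of the whole multipart request
    fileSizeThreshold = 64 * 1024)       // size above which a file is written to disk
public class BoundedUploadServlet extends HttpServlet {

    // Largest part without a filename (a plain form field) this handler accepts.
    private static final long MAX_FIELD_BYTES = 8 * 1024;

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try {
            for (Part part : req.getParts()) {
                // Parts lacking a filename are the kind the advisory describes.
                // This check runs after parsing, so it is an application-level
                // policy; maxRequestSize is what bounds the parsing itself.
                boolean isField = part.getSubmittedFileName() == null;
                if (isField && part.getSize() > MAX_FIELD_BYTES) {
                    resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                            "form field too large");
                    return;
                }
            }
        } catch (IllegalStateException e) {
            // The Servlet API specifies this exception when the request exceeds
            // maxRequestSize or a part exceeds maxFileSize.
            resp.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE,
                    "multipart request exceeds configured limits");
            return;
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

Leaving `maxRequestSize` at its default of `-1` (unlimited) removes the upper bound on how much multipart content the container will accept for this servlet.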