Test Kennung:	1.3.6.1.4.1.25623.1.0.151836
Kategorie:	Web Servers
Titel:	Eclipse Jetty DoS Vulnerability (GHSA-rggv-cv7r-mw98) - Linux
Zusammenfassung:	Eclipse Jetty is prone to a denial of service (DoS); vulnerability.
Beschreibung:	Summary: Eclipse Jetty is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: If an HTTP/2 connection gets TCP congested, when an idle timeout occurs the HTTP/2 session is marked as closed, and then a GOAWAY frame is queued to be written. However it is not written because the connection is TCP congested. When another idle timeout period elapses, it is then supposed to hard close the connection, but it delegates to the HTTP/2 session which reports that it has already been closed so it does not attempt to hard close the connection. This leaves the connection in ESTABLISHED state (i.e. not closed), TCP congested, and idle. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. Affected Software/OS: Eclipse Jetty version 9.3.0 through 9.4.53, 10.0.0 through 10.0.19, 11.0.0 through 11.0.19 and 12.0.0 through 12.0.5. Solution: Update to version 9.4.54, 10.0.20, 11.0.20, 12.0.6 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22201 https://github.com/jetty/jetty.project/issues/11256 https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98 https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html http://www.openwall.com/lists/oss-security/2024/03/20/2
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.