Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wNXJyLXE1ZzYtZ200Ms1PqA
Jetty HTTP Server Denial of Service vulnerability
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
Permalink: https://github.com/advisories/GHSA-p5rr-q5g6-gm42JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNXJyLXE1ZzYtZ200Ms1PqA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-p5rr-q5g6-gm42, CVE-2004-2381
References:
- https://nvd.nist.gov/vuln/detail/CVE-2004-2381
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15537
- http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
- http://sourceforge.net/project/shownotes.php?release_id=224743
- http://www.osvdb.org/4387
- https://github.com/advisories/GHSA-p5rr-q5g6-gm42
Blast Radius: 0.0
Affected Packages
maven:org.mortbay.jetty:jetty
Dependent packages: 1,149Dependent repositories: 15,554
Downloads:
Affected Version Ranges: < 4.2.19
Fixed in: 4.2.19
All affected versions:
All unaffected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26