Jerdfelt

**Name of the Vulnerable Software and Affected Versions** Jetty (affected versions not specified) **Description** The Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote Denial of Service (DoS) attacks by exhausting the server's memory. This issue allows attackers to remotely attack the server, potentially causing it to run out of memory. **Recommendations** To resolve the issue, consider the following workarounds: * Avoid using the PushCacheFilter, as Push has been deprecated by the various IETF specs and early hints responses should be used instead. * Reduce the idle timeout on unauthenticated sessions to reduce the time such sessions stay in memory. * Configure a session cache to use session passivation, so that sessions are not stored in memory, but rather in a database or file system that may have significantly more capacity than memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.