PT-2024-38862 · Eclipse · Jetty

Hrsgit · Published 2024-10-14 · Updated 2026-05-18 · CVE-2024-8184

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the vulnerable software and affected versions:
Jetty versions 9.3.12 through 9.4.55
Jetty versions 10.0.0 through 10.0.23
Jetty versions 11.0.0 through 11.0.23
Jetty versions 12.0.0 through 12.0.8

Description: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

Recommendations:
For Jetty versions 9.3.12 through 9.4.55, update to version 9.4.56 or later.
For Jetty versions 10.0.0 through 10.0.23, update to version 10.0.24 or later.
For Jetty versions 11.0.0 through 11.0.23, update to version 11.0.24 or later.
For Jetty versions 12.0.0 through 12.0.8, update to version 12.0.9 or later.
As a temporary workaround, consider not using ThreadLimitHandler and instead using QoSHandler to artificially limit resource utilization.

Exploit · Fix

Weakness Enumeration

DoS
Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

ALT-PU-2024-16002
ALT-PU-2024-16022
ALT-PU-2024-16072
BDU:2025-03454
CLEANSTART-2026-DD05788
CLEANSTART-2026-GH89210
CLEANSTART-2026-SQ91016
CLEANSTART-2026-VH41554
CLEANSTART-2026-WK99982
CVE-2024-8184
DLA-4106-1
DLA-4106-2
DSA-5894-1
GHSA-G8M5-722R-8WHQ
OPENSUSE-SU-2024:14408-1
OPENSUSE-SU-2024_3720-1
SUSE-SU-2024:3720-1
SUSE-SU-2024_3720-1

Affected Products

ALT Linux
Debian
Jetty
Red OS
SUSE