CVE-2004-2381 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <4.2.19

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01271 pctl0.78731

Details

Jetty HTTP Server Denial of Service vulnerability HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

Metadata

Created: 2022-04-29T03:01:19Z
Modified: 2023-09-18T22:57:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-p5rr-q5g6-gm42/GHSA-p5rr-q5g6-gm42.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-p5rr-q5g6-gm42
Finding: F002
Auto approve: 1