Fluid Attacks Database

Description

Jetty HTTP Server Denial of Service vulnerability HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.mortbay.jetty:jetty	>=0 <4.2.19	4.2.19

Aliases

1. CVE-2004-23812. NVD-2004-23813. OSV-2004-23814. GCVE-2004-2381

References

1. https://exchange.xforce.ibmcloud.com/vulnerabilities/155372. http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.763. http://sourceforge.net/project/shownotes.php?release_id=2247434. http://www.osvdb.org/4387

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.