CVE-2024-8184

{"id": "CVE-2024-8184", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-10-14T16:15:04.380", "references": [{"url": "https://github.com/jetty/jetty.project/pull/11723", "tags": ["Patch"], "source": "emo@eclipse.org"}, {"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq", "tags": ["Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30", "tags": ["Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory."}, {"lang": "es", "value": "Existe una vulnerabilidad de seguridad en ThreadLimitHandler.getRemote() de Jetty que puede ser explotada por usuarios no autorizados para provocar un ataque de denegaci\u00f3n de servicio (DoS) remoto. Al enviar repetidamente solicitudes manipuladas, los atacantes pueden generar errores OutofMemory y agotar la memoria del servidor."}], "lastModified": "2025-11-03T20:17:04.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38EE28A7-83A2-4D16-A1D7-197C1680C234", "versionEndExcluding": "9.4.56", "versionStartIncluding": "9.3.12"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40B124FE-E76C-4612-8781-42CF3182E264", "versionEndExcluding": "10.0.24", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B96569-B73B-4765-994F-809E5AE1A3CE", "versionEndExcluding": "11.0.24", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCB79ED-6D2F-4A37-BB89-41EABF18EAC1", "versionEndExcluding": "12.0.9", "versionStartIncluding": "12.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}