CVE-2024-9823— Jetty DOS vulnerability on DosFilter

CVSS 5.3 · Medium EPSS 0.68% · P72 Updated Nov 04, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-9823

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Jetty DOS vulnerability on DosFilter

Source: NVD (National Vulnerability Database)

Vulnerability Description

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

未加控制的资源消耗(资源穷尽)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Eclipse Jetty 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty存在安全漏洞，该漏洞源于未授权用户可以通过发送精心构造的请求来触发远程拒绝服务攻击，最终导致服务器内存耗尽。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Eclipse Foundation	Jetty	9.0.0 ~ 9.4.54	-
Eclipse Jetty	Jetty	12.0.0 ~ 12.0.3	-
Eclipse Jetty	Jetty	12.0.0 ~ 12.0.3	-
Eclipse Jetty	Jetty	12.0.0 ~ 12.0.3	-

II. Public POCs for CVE-2024-9823

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-9823

请登录查看更多情报信息。

Same Patch Batch · Eclipse Foundation · 2024-10-14 · 4 CVEs total

CVE-2024-8184	5.9 MEDIUM	Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
CVE-2024-6763	3.7 LOW	Jetty URI parsing of invalid authority
CVE-2024-6762	3.1 LOW	Jetty PushSessionCacheFilter can cause remote DoS attacks

IV. Related Vulnerabilities

Same product: Jetty

Same vendor: Eclipse Foundation

Same weakness: CWE-400

V. Comments for CVE-2024-9823

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9823— Jetty DOS vulnerability on DosFilter

I. Basic Information for CVE-2024-9823

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-9823

III. Intelligence Information for CVE-2024-9823

Same Patch Batch · Eclipse Foundation · 2024-10-14 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-9823

Leave a comment