
CVE-2024-22201

Severity: Medium
Vendor: Eclipse
SVRS: 30/100
CVSSv3: 7.5/10
EPSS: 0.00269/1

CVE-2024-22201 is a vulnerability in the Jetty web server that can lead to a denial-of-service. This flaw involves the improper handling of HTTP/2 SSL connections experiencing TCP congestion. When these connections time out, they are leaked, potentially exhausting the server's file descriptors.

CVE-2024-22201 affects versions 9.4.x, 10.0.x, 11.0.x and 12.0.x of Jetty. With an SVRS score of 30, this vulnerability is currently considered low risk. An attacker exploiting this vulnerability could cause the server to become unresponsive to legitimate client requests. It is recommended to patch to versions 9.4.54, 10.0.20, 11.0.20, and 12.0.6 to mitigate this threat and prevent potential service disruptions.

In The Wild
Reference sources: X_refsource_CONFIRM, X_refsource_MISC
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024-02-26
2025-02-13

SOCRadar AI Insight

Description:

CVE-2024-22201 is a vulnerability in Jetty, a Java-based web server and servlet engine. It allows an attacker to cause a denial-of-service (DoS) condition by establishing an HTTP/2 SSL connection and causing it to time out. This can lead to the server running out of file descriptors and eventually ceasing to accept new connections from valid clients. The vulnerability has a CVSS score of 7.5 and an SVRS of 42, indicating a moderate level of severity.

Key Insights:

  1. The vulnerability can be exploited remotely, allowing an attacker to launch a DoS attack without having to gain access to the server.
  2. The vulnerability affects all versions of Jetty prior to 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
  3. The vulnerability is actively exploited in the wild, with reports of attacks targeting servers running Jetty.
  4. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, calling for immediate and necessary measures to mitigate the risk.

Mitigation Strategies:

  1. Update Jetty to version 9.4.54, 10.0.20, 11.0.20, or 12.0.6 or later.
  2. Implement rate limiting on incoming HTTP/2 connections to prevent an attacker from establishing a large number of connections.
  3. Use a web application firewall (WAF) to block malicious requests that attempt to exploit the vulnerability.
  4. Monitor network traffic for signs of a DoS attack and take appropriate action to mitigate the attack.
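A small triage helper, added here as an example and not part of the original page or of the Jetty project, that applies the fix versions stated above (9.4.54, 10.0.20, 11.0.20, 12.0.6) to an inventory of Jetty version strings. Hostnames in the sample inventory are constructed; versions on branches the advisory does not list are reported as unknown rather than assumed safe.

```python
"""Triage helper: flag Jetty versions affected by CVE-2024-22201.

Fix versions are those stated above: 9.4.54, 10.0.20, 11.0.20, 12.0.6.
Hostnames in the sample inventory are constructed for this example.
"""
import re
from typing import Optional

# Lowest fixed release per affected branch (from the advisory text above).
FIXED = {
    (9, 4): (9, 4, 54),
    (10, 0): (10, 0, 20),
    (11, 0): (11, 0, 20),
    (12, 0): (12, 0, 6),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[tuple]:
    """Return (major, minor, patch) from e.g. '9.4.53.v20231009'.
    The '.vYYYYMMDD' qualifier Jetty 9.4 uses is ignored: the fix
    boundary is expressed in major.minor.patch only."""
    m = _VERSION_RE.match(version.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version: str) -> Optional[bool]:
    """True if on an affected branch below its fix release; None when the
    version is unparseable or on a branch this advisory does not list
    (e.g. 9.3.x), so it is triaged by hand rather than assumed safe."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    fixed = FIXED.get(parsed[:2])
    return None if fixed is None else parsed < fixed


def triage(inventory: dict) -> dict:
    """Map host -> 'affected' | 'fixed' | 'unknown' for {host: version}."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}


if __name__ == "__main__":
    sample = {"app-01": "9.4.53.v20231009", "app-02": "10.0.20",
              "app-03": "12.0.5", "app-04": "9.3.30.v20211001", "x": "?"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```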

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-22201 | Eclipse Jetty up to 9.4.53/10.0.19/11.0.19/12.0.5 HTTP/2 SSL resource consumption (ID 11256 / Nessus ID 209256)
vuldb.com, 2025-02-08
A vulnerability was found in Eclipse Jetty up to 9.4.53/10.0.19/11.0.19/12.0.5 and classified as problematic. This issue affects some unknown processing of the component HTTP2 SSL Handler. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2024-22201. The attack may be

Social Media

This addresses the following vulnerabilities: CVE-2024-22201 CVE-2023-44487 CVE-2023-36478 N/A Security fixes for apigee-mint-task-scheduler. This addresses the following vulnerabilities: CVE-2024-22201 CVE-2023-44487 CVE-2023-36478 N/A Security fixes for apigee-operators 22/25

Affected Software

Configuration 1
Type  Vendor   Product
App   Eclipse  jetty

Configuration 2
Type  Vendor   Product
OS    Debian   debian_linux

Configuration 3
Type  Vendor   Product
App   Netapp   active_iq_unified_manager
App   Netapp   bluexp

References

Links (duplicate entries from multiple reference sources collapsed):
https://github.com/jetty/jetty.project/issues/11256
https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98
https://security.netapp.com/advisory/ntap-20240329-0001/
https://lists.debian.org/debian-lts-announce/2024/04/msg00002.html
http://www.openwall.com/lists/oss-security/2024/03/20/2

CWE Details

CWE-770: Allocation of Resources Without Limits or Throttling
  The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

CWE-400: Uncontrolled Resource Consumption
  The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
