Bug#1085697: jetty9: CVE-2024-6762
Moritz Mühlenhoff
jmm at inutil.org
Mon Oct 21 19:49:20 BST 2024
Source: jetty9
X-Debbugs-CC: team at security.debian.org
Severity: normal
Tags: security
Hi,

The following vulnerability was published for jetty9.

CVE-2024-6762[0]:
| Jetty PushSessionCacheFilter can be exploited by unauthenticated
| users to launch remote DoS attacks by exhausting the server’s
| memory.

https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79

The advisory mentions only 10.x and later to be affected, but
PushSessionCacheFilter seems also present in our jetty9 package.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6762
    https://www.cve.org/CVERecord?id=CVE-2024-6762

Please adjust the affected versions in the BTS as needed.