CVE-2024-6762
Severity
LOW
Eclipse Jetty 10.0.0-10.0.17 - Unauthenticated Denial of Service via PushSessionCacheFilter
Title source: llmDescription
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.
References (7)
Core References
Issue Tracking, Vendor Advisory
https://gitlab.eclipse.org/security/cve-assignement/-/issues/24
Scores
CVSS v3
3.1
EPSS
0.0056
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
CWE-400
Status
published
Products (2)
eclipse/jetty
10.0.0 - 10.0.18
org.eclipse.jetty/jetty-servlets
10.0.0 - 10.0.18
Maven
Published
Oct 14, 2024
Tracked Since
Feb 18, 2026