Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-02-26T16:13:33.848Z
Updated: 2024-08-28T14:21:40.015Z
Reserved: 2024-01-08T04:59:27.371Z
Link: CVE-2024-22201
Vulnrichment
Updated: 2024-08-01T22:35:34.848Z
NVD
Status : Awaiting Analysis
Published: 2024-02-26T16:27:56.343
Modified: 2024-11-21T08:55:47.193
Link: CVE-2024-22201
Redhat