admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-10-14 16:00:34 +00:00
parent d2d7dec09a
commit cd53a8b321
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
18 changed files with 816 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
2024/41xxx/CVE-2024-41997.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-41997",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-41997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell` intent that when clicked by the victim results in command execution on the victim's machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/warpdotdev/warp",
"refsource": "MISC",
"name": "https://github.com/warpdotdev/warp"
},
{
"refsource": "MISC",
"name": "https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a7832",
"url": "https://gist.github.com/bhyh/d1ee7a825fce283bf8acbdb42c8a7832"
},
{
"refsource": "MISC",
"name": "https://docs.warp.dev/getting-started/changelog#id-2024.07.18-v0.2024.07.16.08.02",
"url": "https://docs.warp.dev/getting-started/changelog#id-2024.07.18-v0.2024.07.16.08.02"
},
{
"refsource": "MISC",
"name": "https://docs.warp.dev/features/integrations-and-plugins#docker",
"url": "https://docs.warp.dev/features/integrations-and-plugins#docker"
}
]
}

56
2024/48xxx/CVE-2024-48153.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-48153",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-48153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/tw11ty/CVE/blob/main/DrayTek/Vigor3900/Vigor3900%20command%20execution%20vulnerability.md",
"refsource": "MISC",
"name": "https://github.com/tw11ty/CVE/blob/main/DrayTek/Vigor3900/Vigor3900%20command%20execution%20vulnerability.md"
}
]
}

18
2024/49xxx/CVE-2024-49382.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49382",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49383.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49383",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49384.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49385.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49386.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49387.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49388.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49389.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49389",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49390.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49391.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49391",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/49xxx/CVE-2024-49392.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-49392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

133
2024/6xxx/CVE-2024-6762.json
View File

@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6762",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@eclipse.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jetty PushSessionCacheFilter can be exploited by unauthenticated users \nto launch remote DoS attacks by exhausting the server\u2019s memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Jetty",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.17"
},
{
"version_affected": "<=",
"version_name": "11.0.0",
"version_value": "11.0.17"
},
{
"version_affected": "<=",
"version_name": "12.0.0",
"version_value": "12.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/24",
"refsource": "MISC",
"name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/24"
},
{
"url": "https://github.com/jetty/jetty.project/pull/9715",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/9715"
},
{
"url": "https://github.com/jetty/jetty.project/pull/9716",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/9716"
},
{
"url": "https://github.com/jetty/jetty.project/pull/10756",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/10756"
},
{
"url": "https://github.com/jetty/jetty.project/pull/10755",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/10755"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The session usage is intrinsic to the design of the PushCacheFilter. The issue can be avoided by:</p>\n<ul>\n<li>not using the PushCacheFilter. Push has been deprecated by the \nvarious IETF specs and early hints responses should be used instead.</li>\n<li>reducing the reducing the idle timeout on unauthenticated sessions will reduce the time such session stay in memory.</li>\n<li>configuring a session cache to use <a target=\"_blank\" rel=\"nofollow\" href=\"https://jetty.org/docs/jetty/12/programming-guide/server/session.html\">session passivation</a>,\n so that sessions are not stored in memory, but rather in a database or \nfile system that may have significantly more capacity than memory.</li>\n</ul>"
}
],
"value": "The session usage is intrinsic to the design of the PushCacheFilter. The issue can be avoided by:\n\n\n\n * not using the PushCacheFilter. Push has been deprecated by the \nvarious IETF specs and early hints responses should be used instead.\n\n * reducing the reducing the idle timeout on unauthenticated sessions will reduce the time such session stay in memory.\n\n * configuring a session cache to use session passivation https://jetty.org/docs/jetty/12/programming-guide/server/session.html ,\n so that sessions are not stored in memory, but rather in a database or \nfile system that may have significantly more capacity than memory."
}
],
"credits": [
{
"lang": "en",
"value": "Lian Kee"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

108
2024/6xxx/CVE-2024-6763.json
View File

@ -1,17 +1,117 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-6763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@eclipse.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL parsing.\n\nThe HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI\n differs from the common browsers in how it handles a URI that would be \nconsidered invalid if fully validated against the RRC. Specifically HttpURI\n and the browser may differ on the value of the host extracted from an \ninvalid URI and thus a combination of Jetty and a vulnerable browser may\n be vulnerable to a open redirect attack or to a SSRF attack if the URI \nis used after passing validation checks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1286",
"cweId": "CWE-1286"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Jetty",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "7.0.0",
"version_value": "12.0.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25",
"refsource": "MISC",
"name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/25"
},
{
"url": "https://github.com/jetty/jetty.project/pull/12012",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/12012"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>The attacks outlined above rely on decoded user data being passed to the <code>HttpURI</code> class. Application should not pass decoded user data as an encoded URI to any URI class/method, including <code>HttpURI</code>. Such applications are likely to be vulnerable in other ways.<br>\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority. Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per <a target=\"_blank\" rel=\"nofollow\" href=\"https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4\">RFC9110 Section 4.2.4</a>.</p>\n<p>Note that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser).</p>"
}
],
"value": "The attacks outlined above rely on decoded user data being passed to the HttpURI class. Application should not pass decoded user data as an encoded URI to any URI class/method, including HttpURI. Such applications are likely to be vulnerable in other ways.\n\nThe immediate solution is to upgrade to a version of the class that will\n fully validate the characters of the URI authority. Ultimately, Jetty \nwill deprecate and remove support for user info in the authority per RFC9110 Section 4.2.4 https://datatracker.ietf.org/doc/html/rfc9110#section-4.2.4 .\n\n\nNote that the Chrome (and other browsers) parse the \ninvalid user info section improperly as well (due to flawed WhatWG URL \nparsing rules that do not apply outside of a Web Browser)."
}
],
"credits": [
{
"lang": "en",
"value": "https://github.com/zer0yu"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

123
2024/8xxx/CVE-2024-8184.json
View File

@ -1,17 +1,132 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8184",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@eclipse.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Jetty",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "9.3.12",
"version_value": "9.4.55"
},
{
"version_affected": "<=",
"version_name": "10.0.0",
"version_value": "10.0.23"
},
{
"version_affected": "<=",
"version_name": "11.0.0",
"version_value": "11.0.23"
},
{
"version_affected": "<=",
"version_name": "12.0.0",
"version_value": "12.0.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30",
"refsource": "MISC",
"name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/30"
},
{
"url": "https://github.com/jetty/jetty.project/pull/11723",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/pull/11723"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Do not use <code>ThreadLimitHandler</code>.<br>\nConsider use of <code>QoSHandler</code> instead to artificially limit resource utilization.<br>"
}
],
"value": "Do not use ThreadLimitHandler.\n\nConsider use of QoSHandler instead to artificially limit resource utilization."
}
],
"credits": [
{
"lang": "en",
"value": "https://github.com/HRsGIT"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

137
2024/9xxx/CVE-2024-9823.json
View File

@ -1,17 +1,146 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9823",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@eclipse.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eclipse Foundation",
"product": {
"product_data": [
{
"product_name": "Jetty",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0.0",
"version_value": "9.4.54"
},
{
"version_affected": "<",
"version_name": "10.0.0",
"version_value": "10.0.18"
},
{
"version_affected": "<",
"version_name": "11.0.0",
"version_value": "11.0.18"
}
]
}
}
]
}
},
{
"vendor_name": "Eclipse Jetty",
"product": {
"product_data": [
{
"product_name": "Jetty",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "12.0.0",
"version_value": "12.0.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39",
"refsource": "MISC",
"name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/39"
},
{
"url": "https://github.com/jetty/jetty.project/issues/1256",
"refsource": "MISC",
"name": "https://github.com/jetty/jetty.project/issues/1256"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The <code>DoSFilter</code> can be configured to not use sessions for tracking usage by setting the <code>trackSessions</code> init parameter to <code>false</code>. This will then use only the IP tracking mechanism, which is not vulnerable.<br>\nSessions can also be configured to have aggressive passivation or inactivation limits.<br>"
}
],
"value": "The DoSFilter can be configured to not use sessions for tracking usage by setting the trackSessions init parameter to false. This will then use only the IP tracking mechanism, which is not vulnerable.\n\nSessions can also be configured to have aggressive passivation or inactivation limits."
}
],
"credits": [
{
"lang": "en",
"value": "Lian Kee"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

18
2024/9xxx/CVE-2024-9939.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-9939",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}