2318564 – (CVE-2024-8184) CVE-2024-8184 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

Bug 2318564 (CVE-2024-8184) - CVE-2024-8184 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

Summary: CVE-2024-8184 org.eclipse.jetty:jetty-server: jetty: Jetty ThreadLimitHandler...

Keywords:
Status:	NEW
Alias:	CVE-2024-8184
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-14 16:01 UTC by OSIDB Bzimport
Modified:	2025-05-21 02:07 UTC (History)
CC List:	98 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2024:11023	None	None	None	2024-12-12 20:01:23 UTC
Red Hat Product Errata	RHSA-2024:9571	None	None	None	2024-11-13 16:21:25 UTC
Red Hat Product Errata	RHSA-2025:2416	None	None	None	2025-03-05 20:59:29 UTC

Description OSIDB Bzimport 2024-10-14 16:01:27 UTC

There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.

Comment 1 errata-xmlrpc 2024-11-13 16:21:21 UTC

This issue has been addressed in the following products:

  Streams for Apache Kafka 2.8.0

Via RHSA-2024:9571 https://access.redhat.com/errata/RHSA-2024:9571

Comment 2 errata-xmlrpc 2024-12-12 20:01:18 UTC

This issue has been addressed in the following products:

  HawtIO 4.0.0 for Red Hat build of Apache Camel 4

Via RHSA-2024:11023 https://access.redhat.com/errata/RHSA-2024:11023

Comment 6 errata-xmlrpc 2025-03-05 20:59:24 UTC

This issue has been addressed in the following products:

  Streams for Apache Kafka 2.9.0

Via RHSA-2025:2416 https://access.redhat.com/errata/RHSA-2025:2416

Note You need to log in before you can comment on or make changes to this bug.

abrianik
aprice
aschwart
asoldano
ataylor
bbaranow
bihu
bmaxwell
boliveir
brian.stansberry
caswilli
ccranfor
cdewolf
chazlett
chfoley
cmiranda
crizzo
csutherl
darran.lofthouse
dfreiber
dhanak
dkreling
dnakabaa
dosoudil
drichtar
drow
dsimansk
ecerquei
eric.wittmann
fjuma
fmariani
ggrzybek
gmalinko
ibek
istudens
ivassile
iweiss
janstey
jburrell
jclere
jkoops
jpechane
jpoth
jrokos
jross
jsamir
jscholz
kaycoth
kgaikwad
kholdawa
kingland
kverlaen
lcouzens
lgao
matzew
mnovotny
mosmerov
mpierce
mposolda
mskarbek
msochure
msvehla
nipatil
nwallace
oezr
pantinor
parichar
pcongius
pdelbell
pdrozd
peholase
pesilva
pierdipi
pjindal
plodge
pmackay
pskopek
rguimara
rhuss
rkieley
rkubis
rmartinc
rowaters
rstancel
rstepani
sausingh
smaestri
ssilvert
sthorger
swoodman
szappis
tasato
tcunning
tom.jenkinson
vkumar
vmuzikar
wfink
yfang