Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Debian 11: DSA-5894-1: jetty9 critical Denial of Service advisory

debian
Calendar Grey April 4, 2025
Debian Logo
Jetty 9 encountered several severe vulnerabilities that permitted remote denial-of-service (DoS) assaults through specially designed requests, necessitating an immediate resolution.
Jetty 9 is a Java based web server and servlet engine

Summary

Jetty 9 is a Java based web server and servlet engine. Several security
vulnerabilities have been discovered which may allow remote attackers to cause
a denial of service by repeatedly sending crafted requests which can trigger
OutofMemory errors and exhaust the server's memory.

CVE-2024-6762: In addition PushSessionCacheFilter and PushCacheFilter have been
deprecated. These classes should no longer be used in a production environment.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.57-0+deb12u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: jetty9
CVE ID: CVE-2024-6762 CVE-2024-8184 CVE-2024-9823

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here