{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-8184","assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","state":"PUBLISHED","assignerShortName":"eclipse","dateReserved":"2024-08-26T15:58:44.006Z","datePublished":"2024-10-14T15:09:37.861Z","dateUpdated":"2025-11-03T19:34:56.811Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2/","defaultStatus":"unaffected","modules":["jetty-server"],"packageName":"org.eclipse.jetty:jetty-server","product":"Jetty","repo":"https://github.com/jetty/jetty.project","vendor":"Eclipse Foundation","versions":[{"lessThanOrEqual":"9.4.55","status":"affected","version":"9.3.12","versionType":"semver"},{"lessThanOrEqual":"10.0.23","status":"affected","version":"10.0.0","versionType":"semver"},{"lessThanOrEqual":"11.0.23","status":"affected","version":"11.0.0","versionType":"semver"},{"lessThanOrEqual":"12.0.8","status":"affected","version":"12.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"https://github.com/HRsGIT"}],"datePublic":"2024-10-14T03:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There exists a security vulnerability in Jetty's <code>ThreadLimitHandler.getRemote()</code> which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory.<br>"}],"value":"There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack.  By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400 Uncontrolled Resource Consumption","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse","dateUpdated":"2024-10-14T15:30:02.698Z"},"references":[{"url":"https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq"},{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/30"},{"url":"https://github.com/jetty/jetty.project/pull/11723"}],"source":{"discovery":"UNKNOWN"},"title":"Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Do not use <code>ThreadLimitHandler</code>.<br>\nConsider use of <code>QoSHandler</code> instead to artificially limit resource utilization.<br>"}],"value":"Do not use ThreadLimitHandler.\n\nConsider use of QoSHandler instead to artificially limit resource utilization."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-15T17:41:50.744158Z","id":"CVE-2024-8184","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-15T17:42:01.168Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00001.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:34:56.811Z"}}]}}