What is CVE-2024-22201?

CVE-2024-22201 is a high-severity vulnerability in Eclipse Jetty, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-02-26.

How severe is CVE-2024-22201?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2024-22201 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Eclipse Jetty

CVE-2024-22201

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run ou…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.014 (69.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Eclipse Jetty
Jetty Jetty.project — versions >= 9.3.0, <= 9.4.53, >= 10.0.0, <= 10.0.19, >= 11.0.0, <= 11.0.19
Netapp Active_iq_unified_manager
Netapp Bluexp
Debian Debian_linux — versions 10.0

Weakness classification (CWE)

Public proof-of-concept exploits

ytono/gcp-arcade

References

security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
security-advisories@github.com (x_refsource_MISC, Issue Tracking)
security-advisories@github.com (Third Party Advisory)
security-advisories@github.com (Mailing List)
security-advisories@github.com (Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2024-22201?: CVE-2024-22201 is a high-severity vulnerability in Eclipse Jetty, classified under Uncontrolled Resource Consumption. CVSS score: 7.5/10. Published 2024-02-26.
How severe is CVE-2024-22201?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2024-22201 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.