[LAMA-135] CVSS: 3.7 Eclipse Jetty Denial of Service (DoS) Vulnerability - QueueMetrix Software

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 1.0.7.9
Component/s: Webapp
Labels:
None

Acceptance Criteria:
Patch Jetty server to 9.4.56

Description

Title: Eclipse Jetty Denial of Service (DoS) Vulnerability
CVSS: 3.7

What exactly is the issue that we want to mitigate.
Resolve CVSS: 3.7 : Eclipse Jetty Denial of Service (DoS) Vulnerability
https://www.cve.org/CVERecord?id=CVE-2024-9823

What are we going to do to rectify it (the steps we are going to take).
Upgrade the Lamaxu agent to version 7.0.1.10 to upgrade the vulnerable Jetty libraries to version 9.4.56.v20240826

What happens if not addressed?
Unauthorized users could cause remote denial-of-service (DoS) attack and exhaust the server's memory.

What's the impact and will there be possible downtime?
No impact unless denial-of-service (DoS) attack occurs.

Risks, if any, in implementing the change.
No risks

Attachments

Activity

People

Assignee:

Matthew Batterham

Reporter:

Matthew Batterham

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Due:

13/Dec/24

Created:

08/Mar/25 3:55 PM

Updated:

08/Mar/25 4:54 PM

Resolved:

08/Mar/25 4:54 PM