LAMAXU / LAMA-140

CVE-2024-13009 - Eclipse Jetty Gzip Error When Inflating A Request Body Vulnerability


    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0.8.1
    • Component/s: General
    • Labels:
    • Acceptance Criteria:
      Upgrade to Jetty 12.1.3

      Description

      https://nvd.nist.gov/vuln/detail/CVE-2024-13009 

      Title: Eclipse Jetty Gzip Error When Inflating A Request Body Vulnerability
      CVSS: 3.7

      DNS: sbnapdcqml01v.na.sbicdirectory.com
      IP: 10.248.171.243
      Port: 8085

      Threat:
      Eclipse Jetty is a Java HTTP server and Java Servlet container. While Web Servers are usually associated with serving documents to people, Jetty is now often used for machine-to-machine communications, usually within larger software frameworks.

      A buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

      Versions Affected:
      Eclipse Jetty 9.4.0 to 9.4.56

      QID Detection Logic: (Unauthenticated)
      It looks at the HTTP banner to check for a vulnerable version of Jetty.

      Impact:
      Successful exploitation of the vulnerability may lead to corrupted and/or inadvertent sharing of data between requests.

       


            People

            • Assignee:
              matt Matthew Batterham
              Reporter:
              matt Matthew Batterham
