Description
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause a denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
Product(s):
- Jetty HTTP Server 4.0.0
- Jetty HTTP Server 4.0.1
- Jetty HTTP Server 4.0.1 RC0
- Jetty HTTP Server 4.0.1 RC1
- Jetty HTTP Server 4.0.1 RC2
- Jetty HTTP Server 4.0.2
- Jetty HTTP Server 4.0.3
- Jetty HTTP Server 4.0.4
- Jetty HTTP Server 4.0.5
- Jetty HTTP Server 4.0.6
- Jetty HTTP Server 4.0.b0
- Jetty HTTP Server 4.0.b1
- Jetty HTTP Server 4.0.b2
- Jetty HTTP Server 4.0.d0
- Jetty HTTP Server 4.0.d1
- Jetty HTTP Server 4.0.d2
- Jetty HTTP Server 4.0.d3
- Jetty HTTP Server 4.0.d4
- Jetty HTTP Server 4.0 RC1
- Jetty HTTP Server 4.0 RC2
- Jetty HTTP Server 4.0 RC3
- Jetty HTTP Server 4.1.0
- Jetty HTTP Server 4.1.0 RC0
- Jetty HTTP Server 4.1.0 RC1
- Jetty HTTP Server 4.1.0 RC2
- Jetty HTTP Server 4.1.0 RC3
- Jetty HTTP Server 4.1.0 RC4
- Jetty HTTP Server 4.1.0 RC5
- Jetty HTTP Server 4.1.0 RC6
- Jetty HTTP Server 4.1.1
- Jetty HTTP Server 4.1.2
- Jetty HTTP Server 4.1.3
- Jetty HTTP Server 4.1.4
- Jetty HTTP Server 4.1.b0
- Jetty HTTP Server 4.1.b1
- Jetty HTTP Server 4.1.d0
- Jetty HTTP Server 4.1.d1
- Jetty HTTP Server 4.1.d2
- Jetty HTTP Server 4.2.0
- Jetty HTTP Server 4.2.0 Beta 0
- Jetty HTTP Server 4.2.0 RC0
- Jetty HTTP Server 4.2.0 RC1
- Jetty HTTP Server 4.2.10
- Jetty HTTP Server 4.2.10 Pre0
- Jetty HTTP Server 4.2.10 Pre1
- Jetty HTTP Server 4.2.11
- Jetty HTTP Server 4.2.12
- Jetty HTTP Server 4.2.14
- Jetty HTTP Server 4.2.14 RC0
- Jetty HTTP Server 4.2.14 RC1
- Jetty HTTP Server 4.2.15
- Jetty HTTP Server 4.2.15 RC0
- Jetty HTTP Server 4.2.16
- Jetty HTTP Server 4.2.17
- Jetty HTTP Server 4.2.18
- Jetty HTTP Server 4.2.1
- Jetty HTTP Server 4.2.2
- Jetty HTTP Server 4.2.3
- Jetty HTTP Server 4.2.4
- Jetty HTTP Server 4.2.4 RC0
- Jetty HTTP Server 4.2.5
- Jetty HTTP Server 4.2.6
- Jetty HTTP Server 4.2.7
- Jetty HTTP Server 4.2.8_01
- Jetty HTTP Server 4.2.9
- Jetty HTTP Server 4.2.9_rc1
- Jetty HTTP Server 4.2.9 RC2
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2381, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2381 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.