CVE-2004-2381 — Jetty HTTP Server Denial of Service vulnerability

Description

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

How to fix CVE-2004-2381

To remediate CVE-2004-2381, upgrade the affected package to a fixed version below.

Maven/org.mortbay.jetty:jetty—upgrade to 4.2.19 or later

Is CVE-2004-2381 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 4.2.19

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2004-2381
WEBcvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
WEBexchange.xforce.ibmcloud.com/vulnerabilities/15537
WEBsourceforge.net/project/shownotes.php?release_id=224743