vulnerability

Debian: CVE-2024-22201: jetty9 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Feb 26, 2024	Apr 8, 2024	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Feb 26, 2024

Added

Apr 8, 2024

Modified

Mar 30, 2026

Description

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

Solution

debian-upgrade-jetty9

References

CVE-2024-22201
https://attackerkb.com/topics/CVE-2024-22201
CWE-400
CWE-770
DEBIAN-DLA-3780-1
EUVD-EUVD-2024-0716
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-0716

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today