CVE-2004-2381: Jetty HTTP Server Denial of Service vulnerability

April 29, 2022 (updated September 18, 2023)

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

References

cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
sourceforge.net/project/shownotes.php?release_id=224743
www.osvdb.org/4387
exchange.xforce.ibmcloud.com/vulnerabilities/15537
github.com/advisories/GHSA-p5rr-q5g6-gm42
nvd.nist.gov/vuln/detail/CVE-2004-2381

Code Behaviors & Features

Detect and mitigate CVE-2004-2381 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →