CVE-2024-9823

5.3 MEDIUM

📋 TL;DR

This vulnerability in Jetty's DosFilter allows unauthenticated attackers to send crafted requests that trigger OutOfMemory errors, leading to denial-of-service conditions. It affects servers using Jetty's DosFilter with vulnerable configurations. Organizations running affected Jetty versions with DosFilter enabled are at risk.

💻 Affected Systems

Products:
  • Jetty
Versions: Jetty 9.4.0 through 9.4.55, 10.0.0 through 10.0.21, 11.0.0 through 11.0.21
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when DosFilter is explicitly enabled in configuration. Default installations without DosFilter are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server unavailability due to memory exhaustion, requiring manual intervention to restart services and potentially causing extended downtime.

🟠 Likely Case

Intermittent service degradation or temporary outages as memory consumption spikes, affecting application availability.

🟢 If Mitigated

Minimal impact with proper monitoring and resource limits in place, allowing for quick detection and response.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending repeated crafted requests to trigger memory exhaustion. The advisory includes technical details that could facilitate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jetty 9.4.56, 10.0.22, 11.0.22

Vendor Advisory: https://github.com/jetty/jetty.project/security/advisories/GHSA-7hcf-ppf8-5w5h

Restart Required: Yes

Instructions:

1. Identify the current Jetty version.
2. Upgrade to a patched version (9.4.56, 10.0.22, or 11.0.22).
3. Restart the Jetty server.
4. Verify the fix by checking the version and monitoring for memory issues.

🔧 Temporary Workarounds

Disable DosFilter (applies to: all affected versions)

Remove or disable the DosFilter configuration if it is not required for your application: edit the Jetty configuration files to remove or comment out the DosFilter settings.

Implement Rate Limiting (applies to: all affected versions)

Add network-level rate limiting to restrict request frequency from single sources: configure firewall or load balancer rules to limit requests per IP.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to vulnerable servers
  • Deploy memory monitoring with alerting for abnormal consumption patterns

🔍 How to Verify

Check if Vulnerable:

Check Jetty version and verify if DosFilter is enabled in configuration files. Versions 9.4.0-9.4.55, 10.0.0-10.0.21, or 11.0.0-11.0.21 with DosFilter enabled are vulnerable.
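The two conditions above (affected version range and an active DosFilter entry in the configuration) can be checked together. The following is an added example, not part of the advisory; it assumes the filter is registered under its standard Jetty class name org.eclipse.jetty.servlets.DoSFilter in web.xml or jetty-*.xml files, and the sample web.xml fragments are constructed.

```python
"""Check a Jetty install against CVE-2024-9823: affected version AND DoSFilter enabled."""
import re
from pathlib import Path

# Affected ranges (inclusive) per release line, taken from the advisory.
AFFECTED = {
    9: ((9, 4, 0), (9, 4, 55)),
    10: ((10, 0, 0), (10, 0, 21)),
    11: ((11, 0, 0), (11, 0, 21)),
}
# Assumption: the filter is referenced by its standard Jetty class name.
DOS_FILTER_CLASS = "org.eclipse.jetty.servlets.DoSFilter"

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '9.4.53.v20231009'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())

def version_affected(version):
    """True when the version falls inside an affected range for its release line."""
    v = parse_version(version)
    rng = AFFECTED.get(v[0])
    return rng is not None and rng[0] <= v <= rng[1]

def dos_filter_enabled(config_text):
    """True when the config references DoSFilter outside of XML comments."""
    active = re.sub(r"<!--.*?-->", "", config_text, flags=re.S)
    return DOS_FILTER_CLASS in active

def assess(version, config_texts):
    """Vulnerable only when both conditions hold; report each for triage."""
    affected = version_affected(version)
    enabled = any(dos_filter_enabled(t) for t in config_texts)
    return {"version_affected": affected, "dos_filter_enabled": enabled,
            "vulnerable": affected and enabled}

def load_configs(root):
    """Collect web.xml and jetty-*.xml under a directory (layout is an assumption)."""
    paths = list(Path(root).rglob("web.xml")) + list(Path(root).rglob("jetty-*.xml"))
    return [p.read_text(errors="ignore") for p in paths]

# Constructed sample fragments: one active filter, one commented out.
SAMPLE_ACTIVE = ("<web-app><filter><filter-name>DoSFilter</filter-name>"
                 f"<filter-class>{DOS_FILTER_CLASS}</filter-class></filter></web-app>")
SAMPLE_COMMENTED = f"<web-app><!--\n<filter>\n<filter-class>{DOS_FILTER_CLASS}</filter-class>\n</filter>\n--></web-app>"

if __name__ == "__main__":
    print(assess("9.4.53.v20231009", [SAMPLE_ACTIVE]))
```

Point `load_configs()` at the Jetty base directory and pass its result to `assess()` with the version string from the startup log.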

Check Version:

java -jar $JETTY_HOME/start.jar --version (the version is also printed in the server startup logs)

Verify Fix Applied:

Confirm Jetty version is 9.4.56, 10.0.22, or 11.0.22 and test with simulated requests while monitoring memory usage.

📡 Detection & Monitoring

Log Indicators:

  • Repeated OutOfMemoryError entries in logs
  • Abnormal memory consumption patterns
  • High frequency of similar requests

Network Indicators:

  • Unusually high request rates from single IPs
  • Pattern of crafted requests targeting specific endpoints

SIEM Query:

source="jetty.log" AND ("OutOfMemoryError" OR "java.lang.OutOfMemoryError")
