DSA-5540-1 jetty9 -- jetty9
ID: oval:org.secpod.oval:def:95248
Date: (C)2023-12-01 (M)2024-05-09
Class: PATCH
Family: unix
Two remotely exploitable security vulnerabilities were discovered in Jetty 9, a Java-based web server and servlet engine. The HTTP/2 protocol implementation did not sufficiently verify whether HPACK header values exceeded their size limit. Furthermore, the HTTP/2 protocol allowed a denial of service because request cancellation can reset many streams quickly. This problem is also known as the Rapid Reset attack.
Platform: Linux Mint 6, Linux Mint 5
Product: libjetty9-java, libjetty9-extra-java, jetty9