Vulnerabilities > CVE-2004-2381 - Unspecified vulnerability in Jetty Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN jetty
nessus
Summary
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
Vulnerable Configurations
Nessus
NASL family | Web Servers |
NASL id | JETTY_4_1_9_DOS.NASL |
description | According to its banner, the remote host is running a version of Jetty that is older than 4.2.19. The version is vulnerable to a unspecified denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17348 |
published | 2005-03-17 |
reporter | This script is Copyright (C) 2005-2018 Westpoint Limited |
source | https://www.tenable.com/plugins/nessus/17348 |
title | Jetty < 4.2.19 HTTP Server HttpRequest.java Content-Length Handling Remote Overflow DoS |
code |
|
References
- http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
- http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76
- http://secunia.com/advisories/11166/
- http://secunia.com/advisories/11166/
- http://sourceforge.net/project/shownotes.php?release_id=224743
- http://sourceforge.net/project/shownotes.php?release_id=224743
- http://www.osvdb.org/4387
- http://www.osvdb.org/4387
- http://www.securityfocus.com/bid/9917
- http://www.securityfocus.com/bid/9917
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15537
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15537