jenkins-2.452
2.452.4-r4
5.9
CVSS V3
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Remote DOS attack can cause out of memory
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote()
which
can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By
repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the
server's memory.
Do not use ThreadLimitHandler
.
Consider use of QoSHandler
instead to artificially limit resource utilization.
Jetty 12 - https://github.com/jetty/jetty.project/pull/11723