Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2381

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2381
Last Modified 05 Sep 2008 04:43:58
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2381

Summary

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

Vulnerable Systems

Application

  • Jetty Http Server 4.0 Rc1

  • Jetty Http Server 4.0 Rc2

  • Jetty Http Server 4.0 Rc3

  • Jetty Http Server 4.0.0

  • Jetty Http Server 4.0.1

  • Jetty Http Server 4.0.1 Rc0

  • Jetty Http Server 4.0.1 Rc1

  • Jetty Http Server 4.0.1 Rc2

  • Jetty Http Server 4.0.2

  • Jetty Http Server 4.0.3

  • Jetty Http Server 4.0.4

  • Jetty Http Server 4.0.5

  • Jetty Http Server 4.0.6

  • Jetty Http Server 4.0.b0

  • Jetty Http Server 4.0.b1

  • Jetty Http Server 4.0.b2

  • Jetty Http Server 4.0.d0

  • Jetty Http Server 4.0.d1

  • Jetty Http Server 4.0.d2

  • Jetty Http Server 4.0.d3

  • Jetty Http Server 4.0.d4

  • Jetty Http Server 4.1.0

  • Jetty Http Server 4.1.0 Rc0

  • Jetty Http Server 4.1.0 Rc1

  • Jetty Http Server 4.1.0 Rc2

  • Jetty Http Server 4.1.0 Rc3

  • Jetty Http Server 4.1.0 Rc4

  • Jetty Http Server 4.1.0 Rc5

  • Jetty Http Server 4.1.0 Rc6

  • Jetty Http Server 4.1.1

  • Jetty Http Server 4.1.2

  • Jetty Http Server 4.1.3

  • Jetty Http Server 4.1.4

  • Jetty Http Server 4.1.b0

  • Jetty Http Server 4.1.b1

  • Jetty Http Server 4.1.d0

  • Jetty Http Server 4.1.d1

  • Jetty Http Server 4.1.d2

  • Jetty Http Server 4.2.0

  • Jetty Http Server 4.2.0 Beta0

  • Jetty Http Server 4.2.0 Rc0

  • Jetty Http Server 4.2.0 Rc1

  • Jetty Http Server 4.2.1

  • Jetty Http Server 4.2.10

  • Jetty Http Server 4.2.10 Pre0

  • Jetty Http Server 4.2.10 Pre1

  • Jetty Http Server 4.2.11

  • Jetty Http Server 4.2.12

  • Jetty Http Server 4.2.14

  • Jetty Http Server 4.2.14 Rc0

  • Jetty Http Server 4.2.14 Rc1

  • Jetty Http Server 4.2.15

  • Jetty Http Server 4.2.15 Rc0

  • Jetty Http Server 4.2.16

  • Jetty Http Server 4.2.17

  • Jetty Http Server 4.2.18

  • Jetty Http Server 4.2.2

  • Jetty Http Server 4.2.3

  • Jetty Http Server 4.2.4

  • Jetty Http Server 4.2.4 Rc0

  • Jetty Http Server 4.2.5

  • Jetty Http Server 4.2.6

  • Jetty Http Server 4.2.7

  • Jetty Http Server 4.2.8 01

  • Jetty Http Server 4.2.9

  • Jetty Http Server 4.2.9 Rc1

  • Jetty Http Server 4.2.9 Rc2


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=224743

SECUNIA - 11166

XF - jetty-dos(15537)

BID - 9917

OSVDB - 4387

CONFIRM - http://cvs.sourceforge.net/viewcvs.py/jetty/Jetty/src/org/mortbay/http/HttpRequest.java?r1=1.75&r2=1.76


Last Updated: 27 May 2016 10:39:26