ALAS-2024-2702

There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. (CVE-2024-9823)

noarch:
    jetty-project-9.0.3-8.amzn2.0.4.noarch
    jetty-annotations-9.0.3-8.amzn2.0.4.noarch
    jetty-ant-9.0.3-8.amzn2.0.4.noarch
    jetty-client-9.0.3-8.amzn2.0.4.noarch
    jetty-continuation-9.0.3-8.amzn2.0.4.noarch
    jetty-deploy-9.0.3-8.amzn2.0.4.noarch
    jetty-http-9.0.3-8.amzn2.0.4.noarch
    jetty-io-9.0.3-8.amzn2.0.4.noarch
    jetty-jaas-9.0.3-8.amzn2.0.4.noarch
    jetty-jaspi-9.0.3-8.amzn2.0.4.noarch
    jetty-jmx-9.0.3-8.amzn2.0.4.noarch
    jetty-jndi-9.0.3-8.amzn2.0.4.noarch
    jetty-jsp-9.0.3-8.amzn2.0.4.noarch
    jetty-jspc-maven-plugin-9.0.3-8.amzn2.0.4.noarch
    jetty-maven-plugin-9.0.3-8.amzn2.0.4.noarch
    jetty-monitor-9.0.3-8.amzn2.0.4.noarch
    jetty-plus-9.0.3-8.amzn2.0.4.noarch
    jetty-proxy-9.0.3-8.amzn2.0.4.noarch
    jetty-rewrite-9.0.3-8.amzn2.0.4.noarch
    jetty-runner-9.0.3-8.amzn2.0.4.noarch
    jetty-security-9.0.3-8.amzn2.0.4.noarch
    jetty-server-9.0.3-8.amzn2.0.4.noarch
    jetty-servlet-9.0.3-8.amzn2.0.4.noarch
    jetty-servlets-9.0.3-8.amzn2.0.4.noarch
    jetty-start-9.0.3-8.amzn2.0.4.noarch
    jetty-util-9.0.3-8.amzn2.0.4.noarch
    jetty-util-ajax-9.0.3-8.amzn2.0.4.noarch
    jetty-webapp-9.0.3-8.amzn2.0.4.noarch
    jetty-xml-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-api-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-client-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-common-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-parent-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-server-9.0.3-8.amzn2.0.4.noarch
    jetty-websocket-servlet-9.0.3-8.amzn2.0.4.noarch
    jetty-javadoc-9.0.3-8.amzn2.0.4.noarch

src:
    jetty-9.0.3-8.amzn2.0.4.src