CVE-2024-8184 MEDIUM

CVE-2024-8184: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

Vendor Eclipse Foundation
Product Jetty
Weakness CWE-400
Published October 14, 2024
Last update November 3, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Jetty's ThreadLimitHandler.getRemote() contains a security vulnerability that unauthorized users can exploit to cause a remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutOfMemory errors and exhaust the server's memory.

Key dates

02 Disclosure timeline

October 14, 2024 CVE published
November 3, 2025 Record updated