Is CVE-2024-22201 actively exploited?

CVE-2024-22201 has no public evidence of in-the-wild exploitation as of 2025-02-13.

What is the CVSS score for CVE-2024-22201?

CVE-2024-22201 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

How do I patch CVE-2024-22201?

Patch guidance is available from eclipse security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-22201.

Fix CVE-2024-22201 - HIGH eclipse jetty

Q: Which products are affected by CVE-2024-22201?

8 products: eclipse jetty, eclipse jetty, eclipse jetty, eclipse jetty, debian debian linux, and 3 more.

Description

Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-400 CWE-770

Metadata

Primary Vendor: ECLIPSE
Published: 2/26/2024
Last Modified: 2/13/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

eclipse : jettyeclipse : jettyeclipse : jettyeclipse : jettydebian : debian_linuxnetapp : active_iq_unified_managernetapp : active_iq_unified_managernetapp : bluexp

Remediation Guidance

Executive Summary

View on NIST NVD