DLA-3780-1: jetty9 security update

Jetty 9, a popular Java-based web server and servlet engine, has recently been the subject of crucial security updates. Numerous organizations utilize Jetty 9 for its efficient processing of large-scale web applications. However, it was disclosed that specific versions of Jetty are vulnerable to an exploitative tactic that could cause significant service disruptions.

Identified by the CVE identifier CVE-2024-22201, the issue arises with Jetty's handling of HTTP/2 connections combined with SSL encryption. When these specific connections timeout under certain conditions, they fail to close properly. This mismanagement leads to what is known as a "connection leak." Over time, accumulated unresolved connections can overwhelm the server's capacity to manage new requests. This malfunction causes file descriptors to exhaust, effectively paralyzing the server from accepting any legitimate client connections, thereby leading to a potential denial of service (DoS).

The risk here is non-trivial; multiple such leaks could, over time, cause severe availability issues and compromise application responsiveness and effectiveness, particularly in high-load environments where connection turnover is substantial.

Fortunately, resolutions to these vulnerabilities have been issued. Patches are available for multiple versions of Jetty: v9.4.54, v10.0.20, v11.0.20, and v12.0.6. Implementing these patches is vital for maintaining the integrity and availability of servers running on these versions of Jetty. Patching these vulnerabilities will help in eliminating risks of DoS attacks that exploit these weaknesses.

For Linux server administrators, maintaining server health involves regular updates and patches. To streamline this process and ensure that security patches, like the ones for Jetty, are systematically applied, consider using a platform like LinuxPatch. LinuxPatch is specially designed to manage patches for Linux servers, providing an efficient solution to keep your server protected against known vulnerabilities effectively.

Action Call: Protect your server infrastructure by ensuring your Jetty versions are updated to the latest secure releases. Visit LinuxPatch to discover how automated patch management can safeguard your server systems comprehensively, keeping you a step ahead of potential threats.