🛡️ CVE-2022-2048
🟠 CVSS 8.0 — High ✅ No Known Exploit CWE-410 NVD
8.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.

Details

Severity HIGH
CVSS Score 8.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE CWE-410
Public Exploit ✅ No
Source NVD
Published 2022-07-07
Updated 2026-06-15
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
debian-linux
element-plug-in-for-vcenter-server
hci-compute-node
jenkins
jetty 11.0.0 11.0.9
management-services-for-element-software-and-netapp-hci
org.eclipse.jetty.http2:http2-server 11.0.0 11.0.10
snapcenter
solidfire-\&-hci-storage-node

References

Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2022/09/09/2
Mailing List, Third Party Advisory http://www.openwall.com/lists/oss-security/2022/09/09/2

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.