DSA-5540 jetty9 – security update

Debian Security Advisory

Two remotely exploitable security vulnerabilities were discovered in Jetty 9,
a Java based web server and servlet engine. The HTTP/2 protocol implementation
did not sufficiently verify if HPACK header values exceed their size limit.
Furthermore the HTTP/2 protocol allowed a denial of service (server resource
consumption) because request cancellation can reset many streams quickly. This
problem is also known as Rapid Reset Attack.

READ MORE