HIGH 7.5 Maven
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
GHSA-ghgj-3xqr-6jfm · CVE-2015-2080
Published · Modified
Description
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-2080
- WEB https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- ADVISORY https://github.com/advisories/GHSA-ghgj-3xqr-6jfm
- WEB https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- WEB https://security.netapp.com/advisory/ntap-20190307-0005
- WEB http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
- WEB http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
- WEB http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
- WEB http://seclists.org/fulldisclosure/2015/Mar/12
- WEB http://www.securityfocus.com/archive/1/534755/100/1600/threaded
- WEB http://www.securityfocus.com/bid/72768
- WEB http://www.securitytracker.com/id/1031800
Ready to move
Start Securing
Free, no credit card | First findings in minutes