CVE-2015-2080
HIGH7.5EPSS 91.4%Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
Published: 11/9/2018Modified: 2/16/2024
Description
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Affected packages (1)
- Maven/org.eclipse.jetty:jetty-serverfrom 0, < 9.2.9.v20150224
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (13)
- ADVISORYhttps://github.com/advisories/GHSA-ghgj-3xqr-6jfm
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-2080
- WEBhttp://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
- WEBhttp://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
- WEBhttp://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
- WEBhttps://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- WEBhttp://seclists.org/fulldisclosure/2015/Mar/12
- WEBhttps://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- WEBhttps://security.netapp.com/advisory/ntap-20190307-0005
- WEBhttp://www.securityfocus.com/archive/1/534755/100/1600/threaded
- WEBhttp://www.securityfocus.com/bid/72768
- WEBhttp://www.securitytracker.com/id/1031800