CVE-2015-2080
HIGH 7.5, EPSS 91.4%
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
Published: 2018/11/9, Modified: 2024/2/16
Description
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Affected packages (1)
- Maven/org.eclipse.jetty:jetty-server from 0, < 9.2.9.v20150224
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (13)
- ADVISORY https://github.com/advisories/GHSA-ghgj-3xqr-6jfm
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-2080
- WEB http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
- WEB http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
- WEB http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
- WEB https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- WEB http://seclists.org/fulldisclosure/2015/Mar/12
- WEB https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
- WEB https://security.netapp.com/advisory/ntap-20190307-0005
- WEB http://www.securityfocus.com/archive/1/534755/100/1600/threaded
- WEB http://www.securityfocus.com/bid/72768
- WEB http://www.securitytracker.com/id/1031800