The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
References
Link | Resource |
---|---|
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html | Vendor Advisory |
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html | Vendor Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html | Third Party Advisory |
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html | Exploit Third Party Advisory |
http://seclists.org/fulldisclosure/2015/Mar/12 | Exploit Third Party Advisory |
http://www.securityfocus.com/archive/1/534755/100/1600/threaded | |
http://www.securityfocus.com/bid/72768 | Broken Link |
http://www.securitytracker.com/id/1031800 | Third Party Advisory |
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html | Exploit Third Party Advisory |
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md | Exploit Vendor Advisory |
https://security.netapp.com/advisory/ntap-20190307-0005/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-07T14:00:00
Updated: 2019-03-08T10:57:01
Reserved: 2015-02-24T00:00:00
Link: CVE-2015-2080
JSON object: View
NVD Information
Status : Modified
Published: 2016-10-07T14:59:00.193
Modified: 2019-03-08T11:29:04.430
Link: CVE-2015-2080
JSON object: View
Redhat Information
No data.
CWE