Description
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Remediation
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
http://www.securityfocus.com/bid/72768
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
http://seclists.org/fulldisclosure/2015/Mar/12
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
http://www.securitytracker.com/id/1031800
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
https://security.netapp.com/advisory/ntap-20190307-0005/
Related Vulnerabilities
CVE-2021-21162 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-36083 Vulnerability in npm package jose-node-cjs-runtime
CVE-2020-27665 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2020-25640 Vulnerability in maven package org.jboss.genericjms:generic-jms-ra-jar
CVE-2020-10687 Vulnerability in maven package io.undertow:undertow-core