CVE-2015-2080 Vulnerability in maven package org.eclipse.jetty:jetty-http

Description

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Remediation

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html

http://www.securityfocus.com/bid/72768

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html

http://seclists.org/fulldisclosure/2015/Mar/12

https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html

http://www.securitytracker.com/id/1031800

http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html

https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html

http://www.securityfocus.com/archive/1/534755/100/1600/threaded

https://security.netapp.com/advisory/ntap-20190307-0005/

Related Vulnerabilities

CVE-2019-10283 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration

CVE-2019-10358 Vulnerability in maven package org.jenkins-ci.main:maven-plugin

CVE-2019-20503 Vulnerability in maven package org.webjars.npm:electron

CVE-2021-41151 Vulnerability in npm package @backstage/plugin-scaffolder-backend

CVE-2017-16086 Vulnerability in npm package ua-parser

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N