GHSA-ghgj-3xqr-6jfm

Опубликовано: 09 нояб. 2018

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Ссылки

Пакеты

Наименование

org.eclipse.jetty:jetty-server

maven

Затронутые версииВерсия исправления

<= 9.2.8.v20150217

9.2.9.v20150224

EPSS

Процентиль: 100%

0.92414

Критический

7.5 High

CVSS3

CVE ID

CVE-2015-2080

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-2080

CVSS3: 7.5

ubuntu

больше 9 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2015-2080

redhat

почти 11 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2015-2080

CVSS3: 7.5

nvd

больше 9 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2015-2080

CVSS3: 7.5

debian

больше 9 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 al ...

EPSS

Процентиль: 100%

0.92414

Критический

7.5 High

CVSS3

CVE ID

CVE-2015-2080

Дефекты

CWE-200