CVE-2015-2080

Опубликовано: 07 окт. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Критический

Описание

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Ссылки

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
Vendor Advisory
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
Third Party Advisory
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Mar/12
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
Broken Link
http://www.securitytracker.com/id/1031800
Third Party Advisory
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
Exploit
Third Party Advisory
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
Exploit
Vendor Advisory
https://security.netapp.com/advisory/ntap-20190307-0005/
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
Vendor Advisory
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
Third Party Advisory
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Mar/12
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
Broken Link
http://www.securitytracker.com/id/1031800
Third Party Advisory
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*

cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.90878

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-2080

CVSS3: 7.5

ubuntu

больше 9 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2015-2080

redhat

почти 11 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

CVE-2015-2080

CVSS3: 7.5

debian

больше 9 лет назад

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 al ...

GHSA-ghgj-3xqr-6jfm

CVSS3: 7.5

github

около 7 лет назад

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

EPSS

Процентиль: 100%

0.90878

Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200