CVE-2015-2080
CVE-2015-2080
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
cve_referencepacketstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.htmlno verificadoexploitdbwww.exploit-db.com/exploits/39455no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.htmlhttp://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.htmlhttp://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.htmlhttps://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.htmlhttp://seclists.org/fulldisclosure/2015/Mar/12https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.mdhttps://security.netapp.com/advisory/ntap-20190307-0005/http://www.securityfocus.com/archive/1/534755/100/1600/threadedhttp://www.securityfocus.com/bid/72768http://www.securitytracker.com/id/1031800