CGA-xhx6-cwcj-fhxf

Published

Last updated

https://images.chainguard.dev/security/CGA-xhx6-cwcj-fhxf

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2015-2080
GHSA-ghgj-3xqr-6jfm

Severity

Unknown

Summary

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

Description

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

https://nvd.nist.gov/vuln/detail/CVE-2015-2080
https://github.com/advisories/GHSA-ghgj-3xqr-6jfm
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
https://security.netapp.com/advisory/ntap-20190307-0005
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
http://seclists.org/fulldisclosure/2015/Mar/12
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
http://www.securitytracker.com/id/1031800

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-xhx6-cwcj-fhxf

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources