CVE-2015-2080

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-2080

CGA ID

CGA-xhx6-cwcj-fhxf

Severity

Unknown

Summary

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

Description

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

https://images.chainguard.dev/security/CGA-xhx6-cwcj-fhxf
https://github.com/advisories/GHSA-ghgj-3xqr-6jfm
https://nvd.nist.gov/vuln/detail/CVE-2015-2080
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
https://security.netapp.com/advisory/ntap-20190307-0005
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
http://seclists.org/fulldisclosure/2015/Mar/12
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
http://www.securitytracker.com/id/1031800

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2015-2080

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources