CVE-2015-2080

Published: 07/10/2016 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote malicious users to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Vulnerable Product

fedoraproject fedora 22

eclipse jetty 9.3.0

eclipse jetty 9.2.3

eclipse jetty 9.2.8

eclipse jetty 9.2.5

eclipse jetty 9.2.4

eclipse jetty 9.2.7

eclipse jetty 9.2.6

Exploits

Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers. Vendor: Inductive Automation. Product web page: www.inductiveautomation.com. Affected version: 7.8.1 (b2016012216) and 7.8.0 (b2015101414). Platform: Java. Summary: Ignition is a powerful industrial application platform with fully integrated development tools for building SCAD ...

An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224 ...

Nanometrics Centaur version 4.3.23 suffers from an unauthenticated remote memory leak vulnerability ...

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included ...

Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives an HTTP request, the below code is used to parse through the HTTP headers and their associated values. Inductive Automation versions 7.8.1 (b2016012216) and 7.8.0 (b2015101414) ...