gsd-2015-2080
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-2080",
"description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"id": "GSD-2015-2080",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2015-2080"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-2080"
],
"details": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"id": "GSD-2015-2080",
"modified": "2023-12-13T01:20:00.529413Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/12"
},
{
"name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
"refsource": "MLIST",
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
},
{
"name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
"refsource": "MLIST",
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
},
{
"name": "72768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72768"
},
{
"name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"name": "1031800",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031800"
},
{
"name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
},
{
"name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
},
{
"name": "FEDORA-2015-2673",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[9.2.3.v20140905,9.2.8.v20150217],[9.3.0.M0,9.3.0.M1]",
"affected_versions": "All versions starting from 9.2.3 to 9.2.8, 9.3.0.M0, and 9.3.0.M1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2019-03-08",
"description": "The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"fixed_versions": [
"9.2.9.v20150224"
],
"identifier": "CVE-2015-2080",
"identifiers": [
"CVE-2015-2080"
],
"package_slug": "maven/org.eclipse.jetty/jetty-http",
"pubdate": "2016-10-07",
"solution": "Upgrade to version 9.2.9.v20150224 or above",
"title": "Remote Leakage Of Shared Buffers In Jetty Web Server",
"urls": [
"http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"http://eclipse.org/jetty/documentation/current/security-reports.html",
"https://github.com/GDSSecurity/Jetleak-Testing-Script"
],
"uuid": "800ff41c-500f-4e88-a3b5-77f4e3500075"
},
{
"affected_range": "(,9.2.8.v20150217]",
"affected_versions": "All versions up to 9.2.8.v20150217",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2021-06-10",
"description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"fixed_versions": [
"9.2.9.v20150224"
],
"identifier": "CVE-2015-2080",
"identifiers": [
"GHSA-ghgj-3xqr-6jfm",
"CVE-2015-2080"
],
"not_impacted": "All versions after 9.2.8.v20150217",
"package_slug": "maven/org.eclipse.jetty/jetty-server",
"pubdate": "2018-11-09",
"solution": "Upgrade to version 9.2.9.v20150224 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2080",
"https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"https://github.com/advisories/GHSA-ghgj-3xqr-6jfm",
"https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"https://security.netapp.com/advisory/ntap-20190307-0005/",
"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html",
"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html",
"http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"http://seclists.org/fulldisclosure/2015/Mar/12",
"http://www.securityfocus.com/archive/1/534755/100/1600/threaded",
"http://www.securityfocus.com/bid/72768",
"http://www.securitytracker.com/id/1031800"
],
"uuid": "504a07f0-dece-44fd-ab86-ed28dd8427d8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2080"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-2673",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
},
{
"name": "72768",
"refsource": "BID",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/72768"
},
{
"name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
},
{
"name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/12"
},
{
"name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
},
{
"name": "1031800",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1031800"
},
{
"name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
},
{
"name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-03-08T11:29Z",
"publishedDate": "2016-10-07T14:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.