GSD-2015-2080
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-2080",
"description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"id": "GSD-2015-2080",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2015-2080"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-2080"
],
"details": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"id": "GSD-2015-2080",
"modified": "2023-12-13T01:20:00.529413Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/12"
},
{
"name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
"refsource": "MLIST",
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
},
{
"name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
"refsource": "MLIST",
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
},
{
"name": "72768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72768"
},
{
"name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"name": "1031800",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031800"
},
{
"name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
},
{
"name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
},
{
"name": "FEDORA-2015-2673",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[9.2.3.v20140905,9.2.8.v20150217],[9.3.0.M0,9.3.0.M1]",
"affected_versions": "All versions starting from 9.2.3 to 9.2.8, 9.3.0.M0, and 9.3.0.M1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2019-03-08",
"description": "The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"fixed_versions": [
"9.2.9.v20150224"
],
"identifier": "CVE-2015-2080",
"identifiers": [
"CVE-2015-2080"
],
"package_slug": "maven/org.eclipse.jetty/jetty-http",
"pubdate": "2016-10-07",
"solution": "Upgrade to version 9.2.9.v20150224 or above",
"title": "Remote Leakage Of Shared Buffers In Jetty Web Server",
"urls": [
"http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"http://eclipse.org/jetty/documentation/current/security-reports.html",
"https://github.com/GDSSecurity/Jetleak-Testing-Script"
],
"uuid": "800ff41c-500f-4e88-a3b5-77f4e3500075"
},
{
"affected_range": "(,9.2.8.v20150217]",
"affected_versions": "All versions up to 9.2.8.v20150217",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-937"
],
"date": "2021-06-10",
"description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
"fixed_versions": [
"9.2.9.v20150224"
],
"identifier": "CVE-2015-2080",
"identifiers": [
"GHSA-ghgj-3xqr-6jfm",
"CVE-2015-2080"
],
"not_impacted": "All versions after 9.2.8.v20150217",
"package_slug": "maven/org.eclipse.jetty/jetty-server",
"pubdate": "2018-11-09",
"solution": "Upgrade to version 9.2.9.v20150224 or above.",
"title": "Exposure of Sensitive Information to an Unauthorized Actor",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-2080",
"https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"https://github.com/advisories/GHSA-ghgj-3xqr-6jfm",
"https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"https://security.netapp.com/advisory/ntap-20190307-0005/",
"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html",
"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html",
"http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"http://seclists.org/fulldisclosure/2015/Mar/12",
"http://www.securityfocus.com/archive/1/534755/100/1600/threaded",
"http://www.securityfocus.com/bid/72768",
"http://www.securitytracker.com/id/1031800"
],
"uuid": "504a07f0-dece-44fd-ab86-ed28dd8427d8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-2080"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-2673",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
},
{
"name": "72768",
"refsource": "BID",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/72768"
},
{
"name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
},
{
"name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2015/Mar/12"
},
{
"name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
},
{
"name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
},
{
"name": "1031800",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1031800"
},
{
"name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
},
{
"name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
},
{
"name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-03-08T11:29Z",
"publishedDate": "2016-10-07T14:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…