CVE-2015-2080 org.eclipse.jetty:jetty-server

Package

Manager: maven
Name: org.eclipse.jetty:jetty-server
Vulnerable Version: >=0 <9.2.9.v20150224

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.92094 (percentile: 0.99697)

Details

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Metadata

Created: 2018-11-09T17:50:00Z
Modified: 2022-09-14T01:06:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-ghgj-3xqr-6jfm/GHSA-ghgj-3xqr-6jfm.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-ghgj-3xqr-6jfm
Finding: F017
Auto approve: 1