CVE-2015-2080

Name: CVE-2015-2080

Description: The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| jetty (PTS) | jessie, jessie (lts) | 6.1.26-4+deb8u2 | fixed |
| jetty8 (PTS) | jessie, jessie (lts) | 8.1.16-4+deb8u1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| jetty | source | (unstable) | (not affected) | | | |
| jetty8 | source | (unstable) | (not affected) | | | |

Notes

- jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
- jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
