Description
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Remediation
References
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
http://seclists.org/fulldisclosure/2015/Mar/12
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
http://www.securitytracker.com/id/1031800
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
https://security.netapp.com/advisory/ntap-20190307-0005/
Related Vulnerabilities
CVE-2023-24441 Vulnerability in maven package org.jvnet.hudson.plugins:mstest
CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth
CVE-2023-26473 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2023-37964 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox
CVE-2015-8860 Vulnerability in maven package org.webjars:tar