Description
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
Remediation
References
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
http://seclists.org/fulldisclosure/2015/Mar/12
http://www.securityfocus.com/archive/1/534755/100/1600/threaded
http://www.securityfocus.com/bid/72768
http://www.securitytracker.com/id/1031800
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
https://security.netapp.com/advisory/ntap-20190307-0005/
Related Vulnerabilities
CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_sjs1_2.13
CVE-2016-8739 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-extension-providers
CVE-2021-25947 Vulnerability in npm package nestie
CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-2466 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql