GHSA-ghgj-3xqr-6jfm

Suggest an improvement
Source
https://github.com/advisories/GHSA-ghgj-3xqr-6jfm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-ghgj-3xqr-6jfm/GHSA-ghgj-3xqr-6jfm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ghgj-3xqr-6jfm
Aliases
  • CVE-2015-2080
Published
2018-11-09T17:50:00Z
Modified
2024-02-16T08:18:50.534710Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
Details

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

Affected packages

Maven / org.eclipse.jetty:jetty-server

Package

Name
org.eclipse.jetty:jetty-server
View open source insights on deps.dev
Purl
pkg:maven/org.eclipse.jetty/jetty-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.9.v20150224

Affected versions

7.*

7.0.0.M0
7.0.0.M1
7.0.0.M2
7.0.0.M3
7.0.0.M4
7.0.0.RC0
7.0.0.RC1
7.0.0.RC2
7.0.0.RC3
7.0.0.RC4
7.0.0.RC5
7.0.0.RC6
7.0.0.v20091005
7.0.1.v20091125
7.0.2.RC0
7.0.2.v20100331
7.1.0.RC0
7.1.0.RC1
7.1.0.v20100505
7.1.1.v20100517
7.1.2.v20100523
7.1.3.v20100526
7.1.4.v20100610
7.1.5.v20100705
7.1.6.v20100715
7.2.0.RC0
7.2.0.v20101020
7.2.1.v20101111
7.2.2.v20101205
7.3.0.v20110203
7.3.1.v20110307
7.4.0.RC0
7.4.0.v20110414
7.4.1.v20110513
7.4.2.v20110526
7.4.3.v20110701
7.4.4.v20110707
7.4.5.v20110725
7.5.0.RC0
7.5.0.RC1
7.5.0.RC2
7.5.0.v20110901
7.5.1.v20110908
7.5.2.v20111006
7.5.3.v20111011
7.5.4.v20111024
7.6.0.RC0
7.6.0.RC1
7.6.0.RC2
7.6.0.RC3
7.6.0.RC4
7.6.0.RC5
7.6.0.v20120127
7.6.1.v20120215
7.6.2.v20120308
7.6.3.v20120416
7.6.4.v20120524
7.6.5.v20120716
7.6.6.v20120903
7.6.7.v20120910
7.6.8.v20121106
7.6.9.v20130131
7.6.10.v20130312
7.6.11.v20130520
7.6.12.v20130726
7.6.13.v20130916
7.6.14.v20131031
7.6.15.v20140411
7.6.16.v20140903
7.6.17.v20150415
7.6.18.v20150929
7.6.19.v20160209
7.6.20.v20160902
7.6.21.v20160908

8.*

8.0.0.M0
8.0.0.M1
8.0.0.M2
8.0.0.M3
8.0.0.RC0
8.0.0.v20110901
8.0.1.v20110908
8.0.2.v20111006
8.0.3.v20111011
8.0.4.v20111024
8.1.0.RC0
8.1.0.RC1
8.1.0.RC2
8.1.0.RC4
8.1.0.RC5
8.1.0.v20120127
8.1.1.v20120215
8.1.2.v20120308
8.1.3.v20120416
8.1.4.v20120524
8.1.5.v20120716
8.1.6.v20120903
8.1.7.v20120910
8.1.8.v20121106
8.1.9.v20130131
8.1.10.v20130312
8.1.11.v20130520
8.1.12.v20130726
8.1.13.v20130916
8.1.14.v20131031
8.1.15.v20140411
8.1.16.v20140903
8.1.17.v20150415
8.1.18.v20150929
8.1.19.v20160209
8.1.20.v20160902
8.1.21.v20160908
8.1.22.v20160922
8.2.0.v20160908

9.*

9.0.0.M0
9.0.0.M1
9.0.0.M2
9.0.0.M3
9.0.0.M4
9.0.0.M5
9.0.0.RC0
9.0.0.RC1
9.0.0.RC2
9.0.0.v20130308
9.0.1.v20130408
9.0.2.v20130417
9.0.3.v20130506
9.0.4.v20130625
9.0.5.v20130815
9.0.6.v20130930
9.0.7.v20131107
9.1.0.M0
9.1.0.RC0
9.1.0.RC1
9.1.0.RC2
9.1.0.v20131115
9.1.1.v20140108
9.1.2.v20140210
9.1.3.v20140225
9.1.4.v20140401
9.1.5.v20140505
9.1.6.v20160112
9.2.0.M0
9.2.0.M1
9.2.0.RC0
9.2.0.v20140526
9.2.1.v20140609
9.2.2.v20140723
9.2.3.v20140905
9.2.4.v20141103
9.2.5.v20141112
9.2.6.v20141205
9.2.7.v20150116
9.2.8.v20150217

Database specific

{
    "last_known_affected_version_range": "<= 9.2.8.v20150217"
}