CVE-2015-2080: Remote Leakage Of Shared Buffers In Jetty Web Server

October 7, 2016 (updated March 8, 2019)

The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
eclipse.org/jetty/documentation/current/security-reports.html
github.com/GDSSecurity/Jetleak-Testing-Script

Detect and mitigate CVE-2015-2080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →