- Home
- CVEs with nessus.description==The remote instance of Jetty is affected by a remote memory disclosure vulnerability in the HttpParser module due to incorrect handling of illegal characters in header values. When an illegal character is encountered in an HTTP request, Jetty writes a response in a shared buffer that was used in a previous request. Jetty's response to the client includes this shared buffer which contains potentially sensitive data from the previous request. An attacker, using specially crafted requests containing variable length strings of illegal characters, can steal sensitive header data (e.g. cookies, authentication tokens) or sensitive POST data (e.g. credentials).
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top