cvelistv5 - cve-2015-2080

CVE-2015-2080 (GCVE-0-2015-2080)

Vulnerability from cvelistv5

Published

2016-10-07 14:00

Modified

2024-08-06 05:02

Severity ?

CWE

Summary

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

URL

Tags

cve@mitre.org	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html	Vendor Advisory
cve@mitre.org	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html	Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html	Exploit, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Mar/12	Exploit, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/534755/100/1600/threaded
cve@mitre.org	http://www.securityfocus.com/bid/72768	Broken Link
cve@mitre.org	http://www.securitytracker.com/id/1031800	Third Party Advisory
cve@mitre.org	https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md	Exploit, Vendor Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190307-0005/
af854a3a-2127-422b-91ae-364da2661108	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Mar/12	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534755/100/1600/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72768	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031800	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190307-0005/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:02:43.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
          },
          {
            "name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
          },
          {
            "name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
          },
          {
            "name": "72768",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72768"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
          },
          {
            "name": "1031800",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031800"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
          },
          {
            "name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
          },
          {
            "name": "FEDORA-2015-2673",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
        },
        {
          "name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
        },
        {
          "name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
        },
        {
          "name": "72768",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72768"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
        },
        {
          "name": "1031800",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031800"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
        },
        {
          "name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
        },
        {
          "name": "FEDORA-2015-2673",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2080",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
            },
            {
              "name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
              "refsource": "MLIST",
              "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
            },
            {
              "name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
              "refsource": "MLIST",
              "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
            },
            {
              "name": "72768",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72768"
            },
            {
              "name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
            },
            {
              "name": "1031800",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031800"
            },
            {
              "name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
            },
            {
              "name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
              "refsource": "MISC",
              "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
            },
            {
              "name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
            },
            {
              "name": "FEDORA-2015-2673",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2080",
    "datePublished": "2016-10-07T14:00:00",
    "dateReserved": "2015-02-24T00:00:00",
    "dateUpdated": "2024-08-06T05:02:43.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2080\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-10-07T14:59:00.193\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.\"},{\"lang\":\"es\",\"value\":\"El c\u00f3digo de manipulaci\u00f3n de excepciones en Eclipse Jetty en versiones anteriores a 9.2.9.v20150224 permite a atacantes remotos obtener informaci\u00f3n sensible de memoria de procesos a trav\u00e9s de caracteres no v\u00e1lidos en una cabecera HTTP, vulnerabilidad tambi\u00e9n conocida como JetLeak.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EFECB22-D7E2-4EC8-8D4C-8E2CA41A44A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC7F62C7-6118-4BAC-9B7C-C833808BBEBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A3C02FD-0183-4419-A64E-9A36E1AE376D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"173061AC-C886-49D0-9A11-5C21BE7BDF3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEBACEB6-A22C-4AC6-B9A8-71AA0A07D1BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"601221A1-E67C-4BF5-B688-C6AE0082DC7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*\",\"matchCriteriaId\":\"D363BB7B-FD7C-4DD9-A11E-8A6AF60DA477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A27520A-7A24-47EC-8D04-0F40D50FC094\"}]}]}],\"references\":[{\"url\":\"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Mar/12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/534755/100/1600/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/72768\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1031800\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190307-0005/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Mar/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/534755/100/1600/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/72768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1031800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190307-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2015-2080

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Aliases

CVE-2015-2080

Aliases

CVE-2015-2080

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2080",
    "description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
    "id": "GSD-2015-2080",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-2080"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2080"
      ],
      "details": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
      "id": "GSD-2015-2080",
      "modified": "2023-12-13T01:20:00.529413Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2080",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
          },
          {
            "name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
            "refsource": "MLIST",
            "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
          },
          {
            "name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
            "refsource": "MLIST",
            "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
          },
          {
            "name": "72768",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/72768"
          },
          {
            "name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
            "refsource": "CONFIRM",
            "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
          },
          {
            "name": "1031800",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031800"
          },
          {
            "name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
          },
          {
            "name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
            "refsource": "MISC",
            "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
          },
          {
            "name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
          },
          {
            "name": "FEDORA-2015-2673",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[9.2.3.v20140905,9.2.8.v20150217],[9.3.0.M0,9.3.0.M1]",
          "affected_versions": "All versions starting from 9.2.3 to 9.2.8, 9.3.0.M0, and 9.3.0.M1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2019-03-08",
          "description": "The exception handling code in this package allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
          "fixed_versions": [
            "9.2.9.v20150224"
          ],
          "identifier": "CVE-2015-2080",
          "identifiers": [
            "CVE-2015-2080"
          ],
          "package_slug": "maven/org.eclipse.jetty/jetty-http",
          "pubdate": "2016-10-07",
          "solution": "Upgrade to version 9.2.9.v20150224 or above",
          "title": "Remote Leakage Of Shared Buffers In Jetty Web Server",
          "urls": [
            "http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
            "http://eclipse.org/jetty/documentation/current/security-reports.html",
            "https://github.com/GDSSecurity/Jetleak-Testing-Script"
          ],
          "uuid": "800ff41c-500f-4e88-a3b5-77f4e3500075"
        },
        {
          "affected_range": "(,9.2.8.v20150217]",
          "affected_versions": "All versions up to 9.2.8.v20150217",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-200",
            "CWE-937"
          ],
          "date": "2021-06-10",
          "description": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
          "fixed_versions": [
            "9.2.9.v20150224"
          ],
          "identifier": "CVE-2015-2080",
          "identifiers": [
            "GHSA-ghgj-3xqr-6jfm",
            "CVE-2015-2080"
          ],
          "not_impacted": "All versions after 9.2.8.v20150217",
          "package_slug": "maven/org.eclipse.jetty/jetty-server",
          "pubdate": "2018-11-09",
          "solution": "Upgrade to version 9.2.9.v20150224 or above.",
          "title": "Exposure of Sensitive Information to an Unauthorized Actor",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2015-2080",
            "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
            "https://github.com/advisories/GHSA-ghgj-3xqr-6jfm",
            "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
            "https://security.netapp.com/advisory/ntap-20190307-0005/",
            "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html",
            "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html",
            "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html",
            "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
            "http://seclists.org/fulldisclosure/2015/Mar/12",
            "http://www.securityfocus.com/archive/1/534755/100/1600/threaded",
            "http://www.securityfocus.com/bid/72768",
            "http://www.securitytracker.com/id/1031800"
          ],
          "uuid": "504a07f0-dece-44fd-ab86-ed28dd8427d8"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2080"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-2673",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
            },
            {
              "name": "72768",
              "refsource": "BID",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.securityfocus.com/bid/72768"
            },
            {
              "name": "[jetty-announce] 20150224 Critical Security Release of Jetty 9.2.9.v20150224",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
            },
            {
              "name": "20150301 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
            },
            {
              "name": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
            },
            {
              "name": "[jetty-announce] 20150225 CVE-2015-2080 : JetLeak Vulnerability Remote Leakage of Shared Buffers in Jetty",
              "refsource": "MLIST",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
            },
            {
              "name": "1031800",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.securitytracker.com/id/1031800"
            },
            {
              "name": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
            },
            {
              "name": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
            },
            {
              "name": "20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190307-0005/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-03-08T11:29Z",
      "publishedDate": "2016-10-07T14:59Z"
    }
  }
}

De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier 8.2.0 antérieures à 8.2.0-R18
Juniper Networks	N/A	CTPOS versions antérieures à 7.3R4 ou 7.4R1
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D100
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D66, 12.3X48-D70
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D59
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D58 on EX2300/EX3400
Juniper Networks	N/A	CentOS versions 6.5 antérieures à 2012.2R12
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R8
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D50
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233 on QFX5200/QFX5110
Juniper Networks	Junos OS	Junos OS versions 16.1X70 antérieures à 16.1X70-D10
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D90
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S6, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.3.0.x antérieures à 8.3.0-R11
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S3, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D65
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7
Juniper Networks	N/A	NSM versions antérieures à 2012.2R14
Juniper Networks	Junos OS	Junos OS versions 17.2X75 antérieures à 17.2X75-D70
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D35 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66, 15.1X53-D233, 15.1X53-D471
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R2
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 16.1X65 antérieures à 16.1X65-D47
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 14.1 antérieures à 14.1R10, 14.1R9
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D47
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2-S5, 16.2R3
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66
Juniper Networks	Junos OS	Junos OS versions 12.3 antérieures à 12.3R12-S7, 12.3R13
Juniper Networks	N/A	CTPView versions antérieures à 7.3R4 ou 7.4R2
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D471 on NFX
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D76
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10K
N/A	N/A	Junos Snapshot Administrator (JSNAPy) versions antérieures à 1.3.0
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S5, 17.2R2
Juniper Networks	N/A	NorthStar Controller versions 3.2.x antérieures à 3.2.1
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S20, 15.1F6-S10, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D131, 15.1X49-D140
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5
Juniper Networks	N/A	NorthStar Controller versions 3.0.x antérieures à 3.0.1
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D55
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R1-S7, 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.4.1.x antérieures à 8.4.1-R5
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D130
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S8, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S3, 17.2R2-S1, 17.2R3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10852 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10847 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10845 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10850 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10855 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10844 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10846 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10851 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10856 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10849 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10853 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10854 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10848 du 11 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Steel-Belted Radius (SBR) Carrier 8.2.0 ant\u00e9rieures \u00e0 8.2.0-R18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D100",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D66, 12.3X48-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D59",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D58 on EX2300/EX3400",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CentOS versions 6.5 ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233 on QFX5200/QFX5110",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X70 ant\u00e9rieures \u00e0 16.1X70-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D90",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S6, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.3.0.x ant\u00e9rieures \u00e0 8.3.0-R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S3, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D65",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NSM versions ant\u00e9rieures \u00e0 2012.2R14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2X75 ant\u00e9rieures \u00e0 17.2X75-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D35 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66, 15.1X53-D233, 15.1X53-D471",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X65 ant\u00e9rieures \u00e0 16.1X65-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R10, 14.1R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2-S5, 16.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S7, 12.3R13",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D471 on NFX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D76",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10K",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Snapshot Administrator (JSNAPy) versions ant\u00e9rieures \u00e0 1.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S5, 17.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S20, 15.1F6-S10, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D131, 15.1X49-D140",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R1-S7, 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.4.1.x ant\u00e9rieures \u00e0 8.4.1-R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S8, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S3, 17.2R2-S1, 17.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767"
    },
    {
      "name": "CVE-2018-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0020"
    },
    {
      "name": "CVE-2016-5829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2015-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8324"
    },
    {
      "name": "CVE-2018-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0017"
    },
    {
      "name": "CVE-2013-4312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
    },
    {
      "name": "CVE-2018-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0021"
    },
    {
      "name": "CVE-2015-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5156"
    },
    {
      "name": "CVE-2013-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1762"
    },
    {
      "name": "CVE-2016-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2018-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0016"
    },
    {
      "name": "CVE-2016-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1583"
    },
    {
      "name": "CVE-2014-7842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7842"
    },
    {
      "name": "CVE-2015-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3644"
    },
    {
      "name": "CVE-2016-2550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2550"
    },
    {
      "name": "CVE-2016-5696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
    },
    {
      "name": "CVE-2015-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2925"
    },
    {
      "name": "CVE-2018-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0019"
    },
    {
      "name": "CVE-2016-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4565"
    },
    {
      "name": "CVE-2018-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0022"
    },
    {
      "name": "CVE-2014-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0016"
    },
    {
      "name": "CVE-2016-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774"
    },
    {
      "name": "CVE-2015-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7550"
    },
    {
      "name": "CVE-2014-8134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8134"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2015-2080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2080"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2015-8543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8543"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2015-7613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7613"
    },
    {
      "name": "CVE-2015-5157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5157"
    },
    {
      "name": "CVE-2008-2420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2420"
    },
    {
      "name": "CVE-2008-2400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2400"
    },
    {
      "name": "CVE-2018-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0018"
    },
    {
      "name": "CVE-2015-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1805"
    },
    {
      "name": "CVE-2018-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0023"
    },
    {
      "name": "CVE-2010-5313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5313"
    },
    {
      "name": "CVE-2015-7872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7872"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2143"
    }
  ],
  "initial_release_date": "2018-04-16T00:00:00",
  "last_revision_date": "2018-04-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-184",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10852 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10852\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10847 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10847\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10845 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10845\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10850 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10850\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10855 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10855\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10844 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10844\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10846 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10846\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10851 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10851\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10856 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10856\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10849 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10849\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10853 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10853\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10854 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10854\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10848 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10848\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

fkie_cve-2015-2080

Vulnerability from fkie_nvd

Published

2016-10-07 14:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

References

URL	Tags
cve@mitre.org	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html	Vendor Advisory
cve@mitre.org	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html	Vendor Advisory
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html	Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html	Exploit, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Mar/12	Exploit, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/534755/100/1600/threaded
cve@mitre.org	http://www.securityfocus.com/bid/72768	Broken Link
cve@mitre.org	http://www.securitytracker.com/id/1031800	Third Party Advisory
cve@mitre.org	https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md	Exploit, Vendor Advisory
cve@mitre.org	https://security.netapp.com/advisory/ntap-20190307-0005/
af854a3a-2127-422b-91ae-364da2661108	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Mar/12	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/534755/100/1600/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72768	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031800	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190307-0005/

Impacted products

Vendor	Product	Version
fedoraproject	fedora	22
eclipse	jetty	9.2.3
eclipse	jetty	9.2.4
eclipse	jetty	9.2.5
eclipse	jetty	9.2.6
eclipse	jetty	9.2.7
eclipse	jetty	9.2.8
eclipse	jetty	9.3.0
eclipse	jetty	9.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
              "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EFECB22-D7E2-4EC8-8D4C-8E2CA41A44A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC7F62C7-6118-4BAC-9B7C-C833808BBEBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3C02FD-0183-4419-A64E-9A36E1AE376D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "173061AC-C886-49D0-9A11-5C21BE7BDF3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBACEB6-A22C-4AC6-B9A8-71AA0A07D1BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "601221A1-E67C-4BF5-B688-C6AE0082DC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*",
              "matchCriteriaId": "D363BB7B-FD7C-4DD9-A11E-8A6AF60DA477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "9A27520A-7A24-47EC-8D04-0F40D50FC094",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak."
    },
    {
      "lang": "es",
      "value": "El c\u00f3digo de manipulaci\u00f3n de excepciones en Eclipse Jetty en versiones anteriores a 9.2.9.v20150224 permite a atacantes remotos obtener informaci\u00f3n sensible de memoria de procesos a trav\u00e9s de caracteres no v\u00e1lidos en una cabecera HTTP, vulnerabilidad tambi\u00e9n conocida como JetLeak."
    }
  ],
  "id": "CVE-2015-2080",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-07T14:59:00.193",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/72768"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securitytracker.com/id/1031800"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/72768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.securitytracker.com/id/1031800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20190307-0005/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-ghgj-3xqr-6jfm

Vulnerability from github

Published

2018-11-09 17:50

Modified

2022-09-14 01:06

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Jetty vulnerable to exposure of sensitive information to unauthenticated remote users

Details

The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 9.2.8.v20150217"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.eclipse.jetty:jetty-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9.2.9.v20150224"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-2080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:37:23Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.",
  "id": "GHSA-ghgj-3xqr-6jfm",
  "modified": "2022-09-14T01:06:27Z",
  "published": "2018-11-09T17:50:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2080"
    },
    {
      "type": "WEB",
      "url": "https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-ghgj-3xqr-6jfm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190307-0005"
    },
    {
      "type": "WEB",
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html"
    },
    {
      "type": "WEB",
      "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Mar/12"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/534755/100/1600/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/72768"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031800"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jetty vulnerable to exposure of sensitive information to unauthenticated remote users"
}

cnvd-2015-01200

Vulnerability from cnvd

Title

Jetty信息泄露漏洞

Description

Jetty是一个开源的servlet容器,它为基于Java的web内容,例如JSP和servlet提供运行环境。 Jetty存在信息泄露漏洞，允许攻击者获取敏感信息。

Severity

中

Patch Name

Jetty信息泄露漏洞的补丁

Patch Description

Jetty是一个开源的servlet容器,它为基于Java的web内容,例如JSP和servlet提供运行环境。 Jetty存在信息泄露漏洞，允许攻击者获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可以联系供应商获得补丁信息： http://eclipse.org/jetty/

Reference

http://www.securityfocus.com/bid/72768

Impacted products

Name
Eclipse Foundation, Inc. Jetty

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "72768"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2080"
    }
  },
  "description": "Jetty\u662f\u4e00\u4e2a\u5f00\u6e90\u7684servlet\u5bb9\u5668,\u5b83\u4e3a\u57fa\u4e8eJava\u7684web\u5185\u5bb9,\u4f8b\u5982JSP\u548cservlet\u63d0\u4f9b\u8fd0\u884c\u73af\u5883\u3002 \r\n\r\nJetty\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Gotham Digital Science and Stephen Komal",
  "formalWay": "\u7528\u6237\u53ef\u4ee5\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://eclipse.org/jetty/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-01200",
  "openTime": "2015-02-27",
  "patchDescription": "Jetty\u662f\u4e00\u4e2a\u5f00\u6e90\u7684servlet\u5bb9\u5668,\u5b83\u4e3a\u57fa\u4e8eJava\u7684web\u5185\u5bb9,\u4f8b\u5982JSP\u548cservlet\u63d0\u4f9b\u8fd0\u884c\u73af\u5883\u3002 \r\n\r\nJetty\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Jetty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Eclipse Foundation, Inc. Jetty"
  },
  "referenceLink": "http://www.securityfocus.com/bid/72768",
  "serverity": "\u4e2d",
  "submitTime": "2015-02-26",
  "title": "Jetty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-2080 (GCVE-0-2015-2080)

Vulnerability from cvelistv5

gsd-2015-2080

Vulnerability from gsd

CERTFR-2018-AVI-184

Vulnerability from certfr_avis

Solution

fkie_cve-2015-2080

Vulnerability from fkie_nvd

ghsa-ghgj-3xqr-6jfm

Vulnerability from github

cnvd-2015-01200

Vulnerability from cnvd

Tags

Sightings

Nomenclature