Jetty Web Server Shared Buffer Remote Disclosure Vulnerability [CVE-2015-2080]

2015-02-28T00:00:00
ID MYHACK58:62201559501
Type myhack58
Reporter Anonymous
Modified 2015-02-28T00:00:00

Description

The security company GDS found a remote disclosure vulnerability in the shared buffer of the Jetty web server. Through this vulnerability, an unauthenticated attacker can remotely obtain requests that legitimate users previously sent to the server. In short, an attacker may remotely retrieve sensitive information from the buffer of a vulnerable server, including HTTP header information, cookies, authentication tokens, anti-CSRF tokens and so on, as well as users' POST data, user names, passwords, etc.

The root cause of the vulnerability is that when a malicious character is inserted into a header and submitted to the server, the exception-handling code returns about 16 bytes of data from the shared buffer. An attacker can therefore submit a carefully constructed request that triggers the exception and supplies an offset into the shared buffer. The shared buffer holds data that users previously submitted, so the Jetty server, based on the submitted request, returns a data block of about 16 bytes, which will contain sensitive information.

Affected versions

The vulnerability affects Jetty versions 9.2.3 through 9.2.8. GDS also found that the Jetty beta version 9.3.x is affected by the vulnerability.
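A passive triage check for the range above, as an added example that is not part of the original advisory or the GDS script: it classifies a `Server` response header value against the versions listed here. The `Jetty(<version>)` banner format and the reading of "beta 9.3.x" as milestone (`M`) and release-candidate (`RC`) builds are assumptions, and a server can hide or alter its banner, so a `not-listed` result is not proof that a host is unaffected.

```python
import re

# Affected range as stated on this page: 9.2.3 through 9.2.8, plus 9.3.x betas.
AFFECTED_MIN = (9, 2, 3)
AFFECTED_MAX = (9, 2, 8)

# Jetty version strings look like "9.2.7.v20150116" (release),
# "9.3.0.M1" (milestone) or "9.3.0.RC0" (release candidate).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+)(\d*))?")


def parse_jetty_version(text):
    """Return ((major, minor, patch), qualifier) or None if no version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    numbers = tuple(int(m.group(i)) for i in (1, 2, 3))
    qualifier = (m.group(4) or "").upper()
    return numbers, qualifier


def classify(server_header):
    """Classify a Server header value against the ranges given in the advisory."""
    if "jetty" not in server_header.lower():
        return "not-jetty"
    parsed = parse_jetty_version(server_header)
    if parsed is None:
        return "unknown-version"  # banner present but version hidden
    numbers, qualifier = parsed
    if AFFECTED_MIN <= numbers <= AFFECTED_MAX:
        return "affected"
    # Assumption: "beta 9.3.x" means milestone (M*) and release-candidate (RC*) builds.
    if numbers[:2] == (9, 3) and qualifier in ("M", "RC"):
        return "affected-beta"
    return "not-listed"


# Constructed sample banners, not taken from real hosts.
SAMPLES = ["Jetty(9.2.7.v20150116)", "Jetty(9.2.2.v20140723)", "Jetty(9.3.0.M1)",
           "Jetty(9.2.9.v20150224)", "Jetty", "nginx/1.6.2"]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{banner:28} -> {classify(banner)}")
```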

Vulnerability verification

GDS provides a vulnerability validation script, available for download at:

<https://github.com/GDSSecurity/Jetleak-Testing-Script>

Verification method

```
$ python jetleak_tester.py http://[ENTER HOSTNAME] 80
```

If the server is vulnerable, the script displays:

This version of Jetty is VULNERABLE to JetLeak!

If the server is not vulnerable, it displays:

This version of Jetty is NOT vulnerable to JetLeak.