| Title | Published | Views | Reporter |
|---|---|---|---|
| Jetty 9.2.8 Shared Buffer Leakage Vulnerability | 3 Mar 2015 00:00 | – | zdt |
| Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers | 17 Feb 2016 00:00 | – | zdt |
| Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit | 19 Feb 2020 00:00 | – | zdt |
| CVE-2015-2080 | 7 Oct 2016 14:59 | – | attackerkb |
| Juniper Networks Releases Security Updates | 12 Apr 2018 00:00 | – | cisa |
| Jetty Information Disclosure Vulnerability | 26 Feb 2015 00:00 | – | cnvd |
| Eclipse Foundation Jetty Web Server HttpParser Remote Information Disclosure (CVE-2015-2080) | 5 Apr 2015 00:00 | – | checkpoint_advisories |
| CVE-2015-2080 | 7 Oct 2016 14:00 | – | cve |
| CVE-2015-2080 | 7 Oct 2016 14:00 | – | cvelist |
| Exploit for OS Command Injection in Gnu Bash | 27 Jul 2025 04:21 | – | gitee |

```yaml
id: CVE-2015-2080

info:
  name: Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
  author: pikpikcu
  severity: high
  description: Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.
  impact: |
    Remote attackers can retrieve sensitive information from process memory, leading to potential data leakage.
  remediation: |
    Update to version 9.2.9.v20150224 or later.
  reference:
    - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
    - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
    - http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2080
    - http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2015-2080
    cwe-id: CWE-200
    epss-score: 0.91897
    epss-percentile: 0.99707
    cpe: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: fedoraproject
    product: fedora
    shodan-query: cpe:"cpe:2.3:o:fedoraproject:fedora"
  tags: cve2015,cve,jetty,packetstorm,fedoraproject,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}"

    headers:
      Referer: \x00

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Illegal character 0x0 in state"

      - type: status
        status:
          - 400
# digest: 4b0a00483046022100f6e18f0a0e94916057c86f103ca2e8545d201e44700f90a51b5fd5e39e186f1502210094be86b170136986dba272faaf0e02e9429d1a815a47938048288b0af20e3636:922c64590222798bb761d5b6d8e72950
```