HTTP: Eclipse Foundation Jetty Web Server HttpParser Remote Memory Information Disclosure

This signature detects attempts to exploit a known vulnerability in Eclipse Jetty Web Server. A successful exploit can lead to remote memory information disclosure.

Extended Description

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

Affected Products

Fedoraproject fedora

References

BugTraq: 72768

CVE: CVE-2015-2080

Short Name: HTTP:INFO-LEAK:JETY-SRV-RESP

Severity: Minor

Recommended: False

Recommended Action: Drop

Category: HTTP

Keywords: CVE-2015-2080 Disclosure Eclipse Foundation HttpParser Information Jetty Memory Remote Server Web bid:72768

Release Date: 03/18/2015

Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3799

False Positive: Unknown

Vendors

Fedoraproject

Eclipse

CVSS Score

5.0
