.. / CVE-2015-2080

Exploit for Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage (CVE-2015-2080)

Description:

Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.

Nuclei Template

View the template here CVE-2015-2080.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2015/CVE-2015-2080.yaml

References:

http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
https://nvd.nist.gov/vuln/detail/CVE-2015-2080
http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md

.. / CVE-2015-2080 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage (CVE-2015-2080)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2015-2080