Test ID:	1.3.6.1.4.1.25623.1.0.805051
Category:	Web Servers
Title:	Jetty < 9.2.9.v20150224 Shared Buffers Information Leakage Vulnerability - Active Check
Summary:	Jetty is prone to an information leakage vulnerability.
Description:	Summary: Jetty is prone to an information leakage vulnerability. Vulnerability Insight: The flaw is triggered when handling 400 errors in HTTP responses. This may allow a remote attacker to gain access to potentially sensitive information in the memory. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information that may aid in further attacks. Affected Software/OS: Jetty versions 9.2.3 to 9.2.8 and beta releases of 9.3.x. Solution: Update to version 9.2.9.v20150224 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2080 BugTraq ID: 72768 http://www.securityfocus.com/bid/72768 Bugtraq: 20150225 GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server (Google Search) http://www.securityfocus.com/archive/1/534755/100/1600/threaded http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151804.html http://seclists.org/fulldisclosure/2015/Mar/12 http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00075.html http://www.securitytracker.com/id/1031800
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.