What steps will reproduce the problem?
1. Use the Gitblit Go distribution with the bundled Jetty Server
See http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
"GDS discovered a critical information leakage vulnerability in the Jetty web
server that allows an unauthenticated remote attacker to read arbitrary data
from previous requests submitted to the server by other users."
"This vulnerability affects versions 9.2.3 to 9.2.8. GDS also found that beta
releases and later (including the beta releases of 9.3.x) are vulnerable."
What is the expected output? What do you see instead?
N/A
What version of the product are you using? On what operating system?
Gitblit 1.6.2 - CentOS 6
Please provide any additional information below.
Original issue reported on code.google.com by kaosa...@gmail.com on 26 Feb 2015 at 4:04