Candidate: CVE-2015-2080
PublicDate: 2016-10-07 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2080
 http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
 https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
 http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
Description:
 The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows
 remote attackers to obtain sensitive information from process memory via
 illegal characters in an HTTP header, aka JetLeak.
Ubuntu-Description:
Notes:
 sbeattie> only affects jetty 9.2.3 through 9.2.8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_jetty:
upstream_jetty: needs-triage
lucid_jetty: not-affected (< 9.x)
precise_jetty: not-affected (< 9.x)
trusty_jetty: not-affected (< 9.x)
trusty/esm_jetty: not-affected (< 9.x)
utopic_jetty: not-affected (< 9.x)
devel_jetty: not-affected (< 9.x)

Patches_jetty8:
upstream_jetty8: needs-triage
lucid_jetty8: DNE
precise_jetty8: DNE
trusty_jetty8: not-affected (< 9.x)
trusty/esm_jetty8: not-affected (< 9.x)
utopic_jetty8: not-affected (< 9.x)
devel_jetty8: not-affected (< 9.x)