Posted by Ron Gutierrez on Mar 02

GDS LABS ALERT: CVE-2015-2080
JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server

SYNOPSIS
========
Gotham Digital Science discovered a critical information leakage
vulnerability in the Jetty web server that allows an unauthenticated remote
attacker to read arbitrary data from previous requests and responses
submitted to the server by other users.

The vulnerability was made public by the Jetty development team on the…