Short Name |
HTTP:INFO-LEAK:JETY-SRV-RESP |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Eclipse Foundation Jetty Web Server HttpParser Remote Memory Information Disclosure |
Release Date |
2015/03/18 |
Update Number |
2476 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Eclipse Jetty Web Server. A successful exploit can lead to remote memory information disclosure.
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.