Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Critical vulnerability found in Jetty web server

Critical vulnerability found in Jetty web server

2015/02/27

Securityweek - (International) Security researchers from Gotham Digital Science discovered a critical vulnerability dubbed JetLeak in the Eclipse Foundation's Jetty Web server that allows remote, unauthenticated attackers to read arbitrary data from requests previously submitted by users to the server, including cookies, authentication tokens, anti-CSRF tokens, usernames, and passwords. The flaw was addressed February 24 with the release of Jetty version 9.2.9 while the Jetty development team reported an anticipated fix for the vulnerability in version 9.3.0. which is in beta.

Source: http://www.securityweek.com/critical-vulnerability-found-jetty-web-server

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:33