CVE-2015-2080

Related Files

Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers

Posted Feb 17, 2016

Authored by LiquidWorm | Site zeroscience.mk

Remote unauthenticated attackers are able to read arbitrary data from other HTTP sessions because Ignition uses a vulnerable Jetty server. When the Jetty web server receives a HTTP request, the below code is used to parse through the HTTP headers and their associated values. Inductive Automation versions 7.8.1 (b2016012216) and 7.8.0 (b2015101414) are affected.

tags | exploit, remote, web, arbitrary

advisories | CVE-2015-2080

SHA-256 | 8d7c9861342f78e40e1dcce0f22e9aba5b9782813cddc88a6b9899181e6ae25e

Download | Favorite | View

OpenFire XMPP 3.9.3 Certificate Handling

Posted Apr 24, 2015

Authored by Simon Waters, Kim Alvefur

OpenFire XMPP versions 3.9.3 and below incorrectly accepts self-signed certificates potentially allowing for spoofing attacks.

tags | advisory, spoof

advisories | CVE-2014-3451, CVE-2015-2080

SHA-256 | d26c2fe0c0cc3b4027d438b3b2eba60b5fcea46aa1cc48496aed16c4a47ece9e

Download | Favorite | View

Jetty 9.2.8 Shared Buffer Leakage

Posted Feb 27, 2015

Authored by Stephen Komal, Gotham Digital Science

Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests and responses submitted to the server by other users. Jetty versions 9.2.3 through 9.2.8 are affected. Proof of concept code included.

tags | exploit, remote, web, arbitrary, proof of concept, info disclosure

advisories | CVE-2015-2080

SHA-256 | 17f918c6ed7be55415f6475ca5befcbf2d795848bb2960612e998e54f15479d5

Download | Favorite | View