JetLeak Vulnerability: Remote Leakage of Shared Buffers (CVE-2015-2080)

  • 7022580
  • 14-Mar-2015
  • 02-Mar-2018


Reflection ZFE


An unauthenticated remote attacker can send a specially crafted request to read arbitrary data from previous requests submitted to the server by other users.


Reflection ZFE 1.0 is vulnerable to the attack. In version 1.0, you can fix this by manually replacing a file in the installed product.
Download the patch from Eclipse: Then, overwrite the existing file at this location: <installdir>/sessionserver/services/servletengine/lib/jetty-http-9.2.7.v20150116.jar.
This issue is addressed beginning in Reflection ZFE 1.1, which includes Jetty version 9.2.11.v20150529.


Security Alert

Additional Information

For vulnerability details, see

This information was originally published in Attachmate Technical Note 2783 (posted March 2015, updated October 2015).