Skip to content

GDSSecurity/Jetleak-Testing-Script

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

Jetleak Testing Script

This tool is intended to provide a quick-and-dirty way for organizations to test whether their Jetty web server versions are vulnerable to JetLeak. Currently, this script does not handle sites with invalid SSL certs. This will be fixed in a future iteration.

For additional details on the Jetleak vulnerability refer to our blog post: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html

Sample Usage: python jetleak_tester.py [url] [port]

Sample Output for a server that is not vulnerable:

$ python jetleak_tester.py http://[ENTER HOSTNAME] 80

This version of Jetty is NOT vulnerable to JetLeak.

Sample Output for a server that is vulnerable:

$ python jetleak_tester.py http://[ENTER HOSTNAME] 80

This version of Jetty is VULNERABLE to JetLeak!

About

Script to test if a server is vulnerable to the JetLeak vulnerability

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages