Information leakage vulnerability has been found in the Jetty web server before 9.2.9.v20150224 that allows an unauthenticated remote attacker to read arbitrary data from process memory via illegal characters in an HTTP header.
This can lead to the disclosure of sensitive data, including usernames, authentication tokens, passwords, CSRF tokens, etc.
Encrypt all sensitive data
Update to the latest version