Summary
This host is running Jetty WebServer and is prone to a Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and conduct XSS attacks via a direct GET request to cookie/.
Impact Level: Application
Solution
Upgrade to version 6.1.21 or 7.0.0 or later.
http://jetty.mortbay.org/jetty/
Insight
User-supplied data passed into the 'Value' parameter of the Sample Cookies (aka 'CookieDump.java') application is not adequately sanitised before being returned to the user.
Affected
Jetty versions 6.1.19 and 6.1.20.
Severity
Classification
CVE: CVE-2009-3579
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N