Summary
This host is running Jetty WebServer and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and conduct XSS attacks via a direct GET request to cookie/.
Impact Level: Application
Solution
Upgrade to version 6.1.21 or 7.0.0 or later.
http://jetty.mortbay.org/jetty/
Insight
User-supplied data passed into the 'Value' parameter of the Sample Cookies application (aka 'CookieDump.java') is not adequately sanitised before being returned to the user.
Affected
Jetty versions 6.1.19 and 6.1.20.
Severity
Classification
- CVE: CVE-2009-3579
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N