Summary
Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
Jetty 6.1.16 and prior versions are affected.
Solution
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-1523
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Ecava IntegraXor Account Information Disclosure Vulnerability
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- Apache Tomcat Partial HTTP Requests DoS Vulnerability (Windows)