Jetty Cross Site Scripting And Information Disclosure Vulnerabilities Network Vulnerability

Summary

Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.

Solution

The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.

References

http://www.securityfocus.com/bid/34800

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1523

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache UserDir Sensitive Information Disclosure
Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
iWeb Server URL Directory Traversal Vulnerability
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
HttpBlitz Server HTTP Request Remote Denial of Service Vulnerability

Jetty Cross Site Scripting and Information Disclosure Vulnerabilities

Take action and discover your vulnerabilities