This host is running Mort Bay Jetty and is prone to multiple Cross Site Scripting vulnerabilities.

Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site allowing Cross-Site Scripting attacks. Impact Level: Application.

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A workaround is to apply workaround given in below link, http://seclists.org/fulldisclosure/2009/Oct/319

Multiple flaws exists due to error in 'PATH_INFO' parameter, it is not properly sanitised data before used via the default URI under 'jspsnoop/', 'jspsnoop/ERROR/', 'jspsnoop/IOException/' and 'snoop.jsp'

Jetty version 6.0.x to 6.1.21

• http://seclists.org/fulldisclosure/2009/Oct/319
• http://www.ush.it/team/ush/hack_httpd_escape/adv.txt

---

Updated on 2015-03-25