Summary
This host is running Mort Bay Jetty and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session and execute arbitrary commands or overwrite files in the context of an affected site.
Impact Level: Application.
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
A workaround is to apply the workaround described at http://seclists.org/fulldisclosure/2009/Oct/319
Insight
Input passed via the query string to 'jsp/dump.jsp' and via the Name or Value parameter of the 'Session Dump Servlet' is not properly sanitised before being returned to the user.
Affected
Jetty versions 6.0.0 to 7.0.0
Severity
Classification
CVE: CVE-2009-4609, CVE-2009-4610, CVE-2009-4611, CVE-2009-4612
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P