WEB APPLICATION VULNERABILITIES Standard & Premium

Jetty Improper Access Control Vulnerability (CVE-2016-4800)

Description

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

Remediation

References

Related Vulnerabilities

ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Request Forgery (2.10.2)

Atlassian Jira Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-39127)

WordPress Plugin BuddyPress Arbitrary File Deletion (2.7.3)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3663)

Severity

Critical

Classification

CVE-2016-4800 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities