Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01bXE4LWg4MnAtd2pmMs1mbg
Jetty Javascript Inclusion Vulnerability
Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01bXE4LWg4MnAtd2pmMs1mbg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 3 months ago
Identifiers: GHSA-5mq8-h82p-wjf2, CVE-2002-1533
References:
- https://nvd.nist.gov/vuln/detail/CVE-2002-1533
- https://web.archive.org/web/20040705203137/http://xforce.iss.net/xforce/xfdb/10219
- https://web.archive.org/web/20041213153950/http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html
- https://web.archive.org/web/20061020173202/http://www.securityfocus.com/bid/5821
- https://github.com/advisories/GHSA-5mq8-h82p-wjf2
Affected Packages
maven:org.mortbay.jetty:jetty
Dependent packages: 1,149
Dependent repositories: 15,554
Downloads:
Affected Version Ranges: < 4.1.1
Fixed in: 4.1.1
All affected versions:
All unaffected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26