Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NjZyLTk2MmctMmpxNc2qSg
Mortbay Jetty CRLF Injection Vulnerability
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-966r-962g-2jq5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NjZyLTk2MmctMmpxNc2qSg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: 2 months ago
Identifiers: GHSA-966r-962g-2jq5, CVE-2007-5615
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-5615
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://www.kb.cert.org/vuls/id/212984
- https://github.com/jetty-project/codehaus-jetty6/commit/0d2592ea3183914163d0921e4855bd3e18582a05
- https://web.archive.org/web/20071007232422/http://svn.codehaus.org:80/jetty/jetty/trunk/VERSION.txt
- https://web.archive.org/web/20150112202621/http://www.securityfocus.com/bid/26696
- https://github.com/advisories/GHSA-966r-962g-2jq5
Affected Packages
maven:org.mortbay.jetty:jetty
Versions: < 6.1.6rc0Fixed in: 6.1.6rc0