Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NjZyLTk2MmctMmpxNc2qSg
Mortbay Jetty CRLF Injection Vulnerability
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-966r-962g-2jq5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NjZyLTk2MmctMmpxNc2qSg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-966r-962g-2jq5, CVE-2007-5615
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-5615
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://www.kb.cert.org/vuls/id/212984
- https://github.com/jetty-project/codehaus-jetty6/commit/0d2592ea3183914163d0921e4855bd3e18582a05
- https://web.archive.org/web/20071007232422/http://svn.codehaus.org:80/jetty/jetty/trunk/VERSION.txt
- https://web.archive.org/web/20150112202621/http://www.securityfocus.com/bid/26696
- https://github.com/advisories/GHSA-966r-962g-2jq5
Blast Radius: 0.0
Affected Packages
maven:org.mortbay.jetty:jetty
Dependent packages: 1,149Dependent repositories: 15,554
Downloads:
Affected Version Ranges: < 6.1.6rc0
Fixed in: 6.1.6rc0
All affected versions:
All unaffected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26