Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w

Directory traversal in Mort Bay Jetty

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Permalink: https://github.com/advisories/GHSA-9986-w5h5-vw59
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 9 months ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-9986-w5h5-vw59, CVE-2009-1523
References:

• https://nvd.nist.gov/vuln/detail/CVE-2009-1523
• https://bugzilla.redhat.com/show_bug.cgi?id=499867
• https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
• https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
• https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
• http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
• http://jira.codehaus.org/browse/JETTY-1004
• http://www.kb.cert.org/vuls/id/402580
• http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
• http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
• http://www.securityfocus.com/bid/34800
• http://www.securityfocus.com/bid/35675
• http://www.securitytracker.com/id?1022563
• http://www.vupen.com/english/advisories/2009/1900
• http://www.vupen.com/english/advisories/2010/1792
• https://github.com/advisories/GHSA-9986-w5h5-vw59

Blast Radius: 22.2

Affected Packages