Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w
Directory traversal in Mort Bay Jetty
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Permalink: https://github.com/advisories/GHSA-9986-w5h5-vw59
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05OTg2LXc1aDUtdnc1Oc3E_w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.03198
EPSS Percentile: 0.91508
Identifiers: GHSA-9986-w5h5-vw59, CVE-2009-1523
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-1523
- https://bugzilla.redhat.com/show_bug.cgi?id=499867
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- http://jira.codehaus.org/browse/JETTY-1004
- http://www.kb.cert.org/vuls/id/402580
- http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.securityfocus.com/bid/34800
- http://www.securityfocus.com/bid/35675
- http://www.securitytracker.com/id?1022563
- http://www.vupen.com/english/advisories/2009/1900
- http://www.vupen.com/english/advisories/2010/1792
- https://github.com/advisories/GHSA-9986-w5h5-vw59
Affected Packages
maven:org.mortbay.jetty:jetty
Dependent packages: 1,149
Dependent repositories: 15,554
Downloads:
Affected Version Ranges: >= 7.0.0.M0, < 7.0.0.M2, < 6.1.17
Fixed in: 7.0.0.M2, 6.1.17
All affected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26
All unaffected versions: