Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jd3EzLXFwOHYtdzhxM813Fw
Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jd3EzLXFwOHYtdzhxM813Fw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
Identifiers: GHSA-cwq3-qp8v-w8q3, CVE-2005-3747
References:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3747
- http://sourceforge.net/project/shownotes.php?release_id=372086&group_id=7322
- http://www.securityfocus.com/archive/1/450315/100/0/threaded
- http://www.securityfocus.com/bid/15515
- https://github.com/advisories/GHSA-cwq3-qp8v-w8q3
Blast Radius: 0.0
Affected Packages
maven:org.mortbay.jetty:jetty
Dependent packages: 1,149Dependent repositories: 15,554
Downloads:
Affected Version Ranges: < 5.1.6
Fixed in: 5.1.6
All affected versions:
All unaffected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26