Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1mdmgzLTR2NXItY3Z2Y82qRw

Improper Authentication in Mortbay Jetty

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Permalink: https://github.com/advisories/GHSA-fvh3-4v5r-cvvc
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mdmgzLTR2NXItY3Z2Y82qRw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


CVSS Score: 7.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Identifiers: GHSA-fvh3-4v5r-cvvc, CVE-2007-5614
References:
Blast Radius: 30.6

Affected Packages

maven:org.mortbay.jetty:jetty
Dependent packages: 1,149
Dependent repositories: 15,554
Downloads:
Affected Version Ranges: < 6.1.6
Fixed in: 6.1.6
All affected versions:
All unaffected versions: 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26