Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:40
Type | Values Removed | Values Added |
---|---|---|
References | () http://jira.codehaus.org/browse/JETTY-386#action_117699 - | |
References | () http://jira.codehaus.org/browse/JETTY/fixforversion/13950 - | |
References | () http://osvdb.org/39855 - | |
References | () http://secunia.com/advisories/28322 - Vendor Advisory | |
References | () http://secunia.com/advisories/28547 - | |
References | () http://www.igniterealtime.org/community/message/163752 - | |
References | () http://www.kb.cert.org/vuls/id/553235 - US Government Resource | |
References | () http://www.securityfocus.com/bid/27117 - | |
References | () http://www.vupen.com/english/advisories/2008/0079 - |
Information
Published : 2008-01-08 11:46
Updated : 2024-11-21 00:40
NVD link : CVE-2007-6672
Mitre link : CVE-2007-6672
CVE.ORG link : CVE-2007-6672
JSON object : View
Products Affected
mortbay_jetty
- jetty
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')