CVE-2007-6672

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mortbay_jetty:jetty:6.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:6.1.6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:40

Type Values Removed Values Added
References () http://jira.codehaus.org/browse/JETTY-386#action_117699 - () http://jira.codehaus.org/browse/JETTY-386#action_117699 -
References () http://jira.codehaus.org/browse/JETTY/fixforversion/13950 - () http://jira.codehaus.org/browse/JETTY/fixforversion/13950 -
References () http://osvdb.org/39855 - () http://osvdb.org/39855 -
References () http://secunia.com/advisories/28322 - Vendor Advisory () http://secunia.com/advisories/28322 - Vendor Advisory
References () http://secunia.com/advisories/28547 - () http://secunia.com/advisories/28547 -
References () http://www.igniterealtime.org/community/message/163752 - () http://www.igniterealtime.org/community/message/163752 -
References () http://www.kb.cert.org/vuls/id/553235 - US Government Resource () http://www.kb.cert.org/vuls/id/553235 - US Government Resource
References () http://www.securityfocus.com/bid/27117 - () http://www.securityfocus.com/bid/27117 -
References () http://www.vupen.com/english/advisories/2008/0079 - () http://www.vupen.com/english/advisories/2008/0079 -

Information

Published : 2008-01-08 11:46

Updated : 2024-11-21 00:40


NVD link : CVE-2007-6672

Mitre link : CVE-2007-6672

CVE.ORG link : CVE-2007-6672


JSON object : View

Products Affected

mortbay_jetty

  • jetty
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')