Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2009-4611

🗓️ 13 Jan 2010 20:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 179 Views🌐 WEB

Mort Bay Jetty 6.x through 6.1.22, 7.0.0 allows remote attackers to execute arbitrary commands via HTTP request

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
19 Sep 202220:54
ibm
IBM Security Bulletins		Security Bulletin: Jetty vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2011-4461, CVS-2009-4612, CVE-2009-4611, CVE-2009-4610, CVS-2009-4609, CVE-2009-1524, CVE-2009-1523)
11 Feb 202018:29
ibm
ATTACKERKB		CVE-2009-5047
15 Nov 201916:15
attackerkb
Cvelist		CVE-2009-4611
13 Jan 201020:00
cvelist
EUVD		EUVD-2022-2817
3 Oct 202520:07
euvd
Github Security Blog		Improper input validation in Mort Bay Jetty
2 May 202203:56
github
NVD		CVE-2009-4611
13 Jan 201020:30
nvd
OpenVAS		Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check
2 Feb 201000:00
openvas
OSV		GHSA-6JXP-7G74-2RC3 Improper input validation in Mort Bay Jetty
2 May 202203:56
osv
Prion		Design/Logic Flaw
13 Jan 201020:30
prion
Rows per page
NVD
Node
mortbayjettyMatch6.0.0
OR
mortbayjettyMatch6.0.0alpha0
OR
mortbayjettyMatch6.0.0alpha1
OR
mortbayjettyMatch6.0.0alpha2
OR
mortbayjettyMatch6.0.0alpha3
OR
mortbayjettyMatch6.0.0beta0
OR
mortbayjettyMatch6.0.0beta1
OR
mortbayjettyMatch6.0.0beta10
OR
mortbayjettyMatch6.0.0beta11
OR
mortbayjettyMatch6.0.0beta12
OR
mortbayjettyMatch6.0.0beta14
OR
mortbayjettyMatch6.0.0beta15
OR
mortbayjettyMatch6.0.0beta16
OR
mortbayjettyMatch6.0.0beta17
OR
mortbayjettyMatch6.0.0beta2
OR
mortbayjettyMatch6.0.0beta3
OR
mortbayjettyMatch6.0.0beta4
OR
mortbayjettyMatch6.0.0beta5
OR
mortbayjettyMatch6.0.0beta6
OR
mortbayjettyMatch6.0.0beta7
OR
mortbayjettyMatch6.0.0beta8
OR
mortbayjettyMatch6.0.0beta9
OR
mortbayjettyMatch6.0.0betax
OR
mortbayjettyMatch6.0.0rc0
OR
mortbayjettyMatch6.0.0rc1
OR
mortbayjettyMatch6.0.0rc2
OR
mortbayjettyMatch6.0.0rc3
OR
mortbayjettyMatch6.0.0rc4
OR
mortbayjettyMatch6.0.1
OR
mortbayjettyMatch6.0.2
OR
mortbayjettyMatch6.1.0
OR
mortbayjettyMatch6.1.0pre0
OR
mortbayjettyMatch6.1.0pre1
OR
mortbayjettyMatch6.1.0pre2
OR
mortbayjettyMatch6.1.0pre3
OR
mortbayjettyMatch6.1.0rc0
OR
mortbayjettyMatch6.1.0rc1
OR
mortbayjettyMatch6.1.0rc2
OR
mortbayjettyMatch6.1.0rc3
OR
mortbayjettyMatch6.1.1
OR
mortbayjettyMatch6.1.1rc0
OR
mortbayjettyMatch6.1.2
OR
mortbayjettyMatch6.1.2pre0
OR
mortbayjettyMatch6.1.2pre1
OR
mortbayjettyMatch6.1.2rc0
OR
mortbayjettyMatch6.1.2rc1
OR
mortbayjettyMatch6.1.2rc2
OR
mortbayjettyMatch6.1.2rc3
OR
mortbayjettyMatch6.1.2rc4
OR
mortbayjettyMatch6.1.2rc5
OR
mortbayjettyMatch6.1.3
OR
mortbayjettyMatch6.1.4
OR
mortbayjettyMatch6.1.4rc0
OR
mortbayjettyMatch6.1.4rc1
OR
mortbayjettyMatch6.1.5
OR
mortbayjettyMatch6.1.5rc0
OR
mortbayjettyMatch6.1.6
OR
mortbayjettyMatch6.1.6rc0
OR
mortbayjettyMatch6.1.6rc1
OR
mortbayjettyMatch6.1.7
OR
mortbayjettyMatch6.1.8
OR
mortbayjettyMatch6.1.9
OR
mortbayjettyMatch6.1.10
OR
mortbayjettyMatch6.1.11
OR
mortbayjettyMatch6.1.12
OR
mortbayjettyMatch6.1.12rc1
OR
mortbayjettyMatch6.1.12rc2
OR
mortbayjettyMatch6.1.12rc3
OR
mortbayjettyMatch6.1.12rc4
OR
mortbayjettyMatch6.1.12rc5
OR
mortbayjettyMatch6.1.14
OR
mortbayjettyMatch6.1.15
OR
mortbayjettyMatch6.1.15pre0
OR
mortbayjettyMatch6.1.15rc2
OR
mortbayjettyMatch6.1.15rc3
OR
mortbayjettyMatch6.1.15rc4
OR
mortbayjettyMatch6.1.15rc5
OR
mortbayjettyMatch6.1.16
OR
mortbayjettyMatch6.1.19
OR
mortbayjettyMatch6.1.20
OR
mortbayjettyMatch7.0.0
ParameterPositionPathDescriptionCWE
Agepathcookie/Un sanitized backtrace-related data in Cookie Dump Servlet path that could be exploited via an escape sequence in the Age parameter.CWE-20
Aquery paramjsp/expr.jspUn sanitized backtrace-related data in a generated response via an alphabetic A parameter to jsp/expr.jsp.CWE-20
Content-Lengthheadercookie/Un sanitized backtrace-related data via the Content-Length HTTP header, potentially allowing crafted requests to affect application behavior.CWE-20

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Apr 2026 00:35Current
6Medium risk
Vulners AI Score6
CVSS 27.5
EPSS0.00948
CWE-20
cve-2009-4611mort bay jettyremote code executionhttp requestsecurity vulnerability
179