CVE-2009-4612

🗓️ 13 Jan 2010 20:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 77 Views🌐 WEB

CVE-2009-4612, Multiple XSS vulnerabilities in Mort Bay Jetty 6.1.x through 6.1.2

Reporter	Title	Published	Views	Family All 12
IBM Security Bulletins	Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.	19 Sep 202220:54	–	ibm
IBM Security Bulletins	Security Bulletin: Jetty vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2011-4461, CVS-2009-4612, CVE-2009-4611, CVE-2009-4610, CVS-2009-4609, CVE-2009-1524, CVE-2009-1523)	11 Feb 202018:29	–	ibm
Circl	CVE-2009-4612	24 Oct 200900:00	–	circl
Cvelist	CVE-2009-4612	13 Jan 201020:00	–	cvelist
EUVD	EUVD-2009-4577	7 Oct 202500:30	–	euvd
Tenable Nessus	Mort Bay Jetty Multiple XSS	26 Jan 201000:00	–	nessus
NVD	CVE-2009-4612	13 Jan 201020:30	–	nvd
OpenVAS	Mort Bay Jetty 6.x <= 6.1.21 Multiple XSS Vulnerabilities - Active Check	2 Feb 201000:00	–	openvas
OpenVAS	Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check	2 Feb 201000:00	–	openvas
Prion	Cross site scripting	13 Jan 201020:30	–	prion

NVD

Node

mortbay jettyMatch6.1.0

OR

mortbay jettyMatch6.1.0pre0

OR

mortbay jettyMatch6.1.0pre1

OR

mortbay jettyMatch6.1.0pre2

OR

mortbay jettyMatch6.1.0pre3

OR

mortbay jettyMatch6.1.0rc0

OR

mortbay jettyMatch6.1.0rc1

OR

mortbay jettyMatch6.1.0rc2

OR

mortbay jettyMatch6.1.0rc3

OR

mortbay jettyMatch6.1.1

OR

mortbay jettyMatch6.1.1rc0

OR

mortbay jettyMatch6.1.2

OR

mortbay jettyMatch6.1.2pre0

OR

mortbay jettyMatch6.1.2pre1

OR

mortbay jettyMatch6.1.2rc0

OR

mortbay jettyMatch6.1.2rc1

OR

mortbay jettyMatch6.1.2rc2

OR

mortbay jettyMatch6.1.2rc3

OR

mortbay jettyMatch6.1.2rc4

OR

mortbay jettyMatch6.1.2rc5

OR

mortbay jettyMatch6.1.3

OR

mortbay jettyMatch6.1.4

OR

mortbay jettyMatch6.1.4rc0

OR

mortbay jettyMatch6.1.4rc1

OR

mortbay jettyMatch6.1.5

OR

mortbay jettyMatch6.1.5rc0

OR

mortbay jettyMatch6.1.6

OR

mortbay jettyMatch6.1.6rc0

OR

mortbay jettyMatch6.1.6rc1

OR

mortbay jettyMatch6.1.7

OR

mortbay jettyMatch6.1.8

OR

mortbay jettyMatch6.1.9

OR

mortbay jettyMatch6.1.10

OR

mortbay jettyMatch6.1.11

OR

mortbay jettyMatch6.1.12

OR

mortbay jettyMatch6.1.12rc1

OR

mortbay jettyMatch6.1.12rc2

OR

mortbay jettyMatch6.1.12rc3

OR

mortbay jettyMatch6.1.12rc4

OR

mortbay jettyMatch6.1.12rc5

OR

mortbay jettyMatch6.1.14

OR

mortbay jettyMatch6.1.15

OR

mortbay jettyMatch6.1.15pre0

OR

mortbay jettyMatch6.1.15rc2

OR

mortbay jettyMatch6.1.15rc3

OR

mortbay jettyMatch6.1.15rc4

OR

mortbay jettyMatch6.1.15rc5

OR

mortbay jettyMatch6.1.16

OR

mortbay jettyMatch6.1.19

OR

mortbay jettyMatch6.1.20

OR

mortbay jettyMatch6.1.21

Source	Link
ush	www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

Parameter	Position	Path	Description	CWE
PATH_INFO	path	jspsnoop/	XSS via PATH_INFO in jspsnoop/ default URI.	CWE-79
PATH_INFO	path	jspsnoop/ERROR/	XSS via PATH_INFO in jspsnoop/ERROR/.	CWE-79
PATH_INFO	path	jspsnoop/IOException/	XSS via PATH_INFO in jspsnoop/IOException/.	CWE-79
PATH_INFO	path	snoop.jsp	XSS via PATH_INFO in snoop.jsp.	CWE-79

23 Apr 2026 00:35Current

5.2Medium risk

Vulners AI Score5.2

CVSS 24.3

EPSS0.0013

cve-2009-4612 xss cross-site scripting vulnerability webapp jsp snoop mort bay jetty