Jetty 4.1 Servlet Engine - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5821/info

Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms.

It has been reported that Jetty does not properly sanitize requests. This could result in a user clicking a malicious link that would execute script or HTML code in the security context of the site hosted by the Jetty server. An attacker could exploit this vulnerability to gain authentication cookies, or other sensitive information.

http://www.example.com/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp