7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%
Cross-site scripting (XSS) vulnerability in Dump Servlet in
Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject
arbitrary web script or HTML via unspecified parameters and
cookies.
Mortbay Jetty before 6.1.6rc1 does not properly handle “certain
quote sequences” in HTML cookie parameters, which allows remote
attackers to hijack browser sessions via unspecified vectors.
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0
allows remote attackers to inject arbitrary HTTP headers and
conduct HTTP response splitting attacks via unspecified vectors.