Lucene search

GitHub Advisory DatabaseGHSA-8H77-9VH5-HW5G

HistoryMay 01, 2022 - 6:35 p.m.

Mortbay Jetty vulnerable to Cross-site scripting

2022-05-0118:35:00

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

mortbay jetty

vulnerable

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

85.0%

JSON

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

Affected configurations

Vulners

Node

org.mortbay.jettyjettyRange<6.1.6

VendorProductVersionCPE
org.mortbay.jettyjetty*cpe:2.3:a:org.mortbay.jetty:jetty:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.mortbay.jetty	jetty	*	cpe:2.3:a:org.mortbay.jetty:jetty::::::::

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

www.kb.cert.org/vuls/id/237888

github.com/advisories/GHSA-8h77-9vh5-hw5g

nvd.nist.gov/vuln/detail/CVE-2007-5613

www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.011

Percentile

85.0%

JSON

Related for GHSA-8H77-9VH5-HW5G