5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.028 Low
EPSS
Percentile
90.6%
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CPE | Name | Operator | Version |
---|---|---|---|
org.mortbay.jetty:jetty | lt | 7.0.0.M2 | |
org.mortbay.jetty:jetty | lt | 6.1.17 |
itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
jira.codehaus.org/browse/JETTY-1004
www.kb.cert.org/vuls/id/402580
www.kb.cert.org/vuls/id/CRDY-7RKQCY
www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
www.securityfocus.com/bid/34800
www.securityfocus.com/bid/35675
www.securitytracker.com/id?1022563
www.vupen.com/english/advisories/2009/1900
www.vupen.com/english/advisories/2010/1792
bugzilla.redhat.com/show_bug.cgi?id=499867
github.com/advisories/GHSA-9986-w5h5-vw59
nvd.nist.gov/vuln/detail/CVE-2009-1523
www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html