Lucene search

K
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113002
HistoryOct 04, 2021 - 12:00 a.m.

Jetty < 9.4.33 Local Temp Directory Hijacking

2021-10-0400:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

The version of Jetty installed on the remote host suffers from a potential race condition when creating temporary sub directories. If an co-located attacker wins the race, then they will have read/write privilege to the subdirectory used to unpack web applications, potentially leading to a local privilege escalation vulnerability. Note that the scanner has not tested for this issue but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersion
aeclipsejetty