Lucene search

[email protected]NVD:CVE-2009-4611

HistoryJan 13, 2010 - 8:30 p.m.

CVE-2009-4611

2010-01-1320:30:00

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window’s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Affected configurations

NVD

Node

mortbayjettyMatch6.0.0

mortbayjettyMatch6.0.0alpha0

mortbayjettyMatch6.0.0alpha1

mortbayjettyMatch6.0.0alpha2

mortbayjettyMatch6.0.0alpha3

mortbayjettyMatch6.0.0beta0

mortbayjettyMatch6.0.0beta1

mortbayjettyMatch6.0.0beta10

mortbayjettyMatch6.0.0beta11

mortbayjettyMatch6.0.0beta12

mortbayjettyMatch6.0.0beta14

mortbayjettyMatch6.0.0beta15

mortbayjettyMatch6.0.0beta16

mortbayjettyMatch6.0.0beta17

mortbayjettyMatch6.0.0beta2

mortbayjettyMatch6.0.0beta3

mortbayjettyMatch6.0.0beta4

mortbayjettyMatch6.0.0beta5

mortbayjettyMatch6.0.0beta6

mortbayjettyMatch6.0.0beta7

mortbayjettyMatch6.0.0beta8

mortbayjettyMatch6.0.0beta9

mortbayjettyMatch6.0.0betax

mortbayjettyMatch6.0.0rc0

mortbayjettyMatch6.0.0rc1

mortbayjettyMatch6.0.0rc2

mortbayjettyMatch6.0.0rc3

mortbayjettyMatch6.0.0rc4

mortbayjettyMatch6.0.1

mortbayjettyMatch6.0.2

mortbayjettyMatch6.1.0

mortbayjettyMatch6.1.0pre0

mortbayjettyMatch6.1.0pre1

mortbayjettyMatch6.1.0pre2

mortbayjettyMatch6.1.0pre3

mortbayjettyMatch6.1.0rc0

mortbayjettyMatch6.1.0rc1

mortbayjettyMatch6.1.0rc2

mortbayjettyMatch6.1.0rc3

mortbayjettyMatch6.1.1

mortbayjettyMatch6.1.1rc0

mortbayjettyMatch6.1.2

mortbayjettyMatch6.1.2pre0

mortbayjettyMatch6.1.2pre1

mortbayjettyMatch6.1.2rc0

mortbayjettyMatch6.1.2rc1

mortbayjettyMatch6.1.2rc2

mortbayjettyMatch6.1.2rc3

mortbayjettyMatch6.1.2rc4

mortbayjettyMatch6.1.2rc5

mortbayjettyMatch6.1.3

mortbayjettyMatch6.1.4

mortbayjettyMatch6.1.4rc0

mortbayjettyMatch6.1.4rc1

mortbayjettyMatch6.1.5

mortbayjettyMatch6.1.5rc0

mortbayjettyMatch6.1.6

mortbayjettyMatch6.1.6rc0

mortbayjettyMatch6.1.6rc1

mortbayjettyMatch6.1.7

mortbayjettyMatch6.1.8

mortbayjettyMatch6.1.9

mortbayjettyMatch6.1.10

mortbayjettyMatch6.1.11

mortbayjettyMatch6.1.12

mortbayjettyMatch6.1.12rc1

mortbayjettyMatch6.1.12rc2

mortbayjettyMatch6.1.12rc3

mortbayjettyMatch6.1.12rc4

mortbayjettyMatch6.1.12rc5

mortbayjettyMatch6.1.14

mortbayjettyMatch6.1.15

mortbayjettyMatch6.1.15pre0

mortbayjettyMatch6.1.15rc2

mortbayjettyMatch6.1.15rc3

mortbayjettyMatch6.1.15rc4

mortbayjettyMatch6.1.15rc5

mortbayjettyMatch6.1.16

mortbayjettyMatch6.1.19

mortbayjettyMatch6.1.20

mortbayjettyMatch7.0.0

References

www.securityfocus.com/archive/1/508830/100/0/threaded

www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

www.ush.it/team/ush/hack_httpd_escape/adv.txt

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.9 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for NVD:CVE-2009-4611

prion1 ubuntucve1 osv1 veracode1 cvelist1 cve2 github1 nvd1 openvas1 ibm2