Lucene search

K

Mandriva Security Advisory MDVSA-2009:291 (jetty5)

🗓️ 11 Nov 2009 00:00:00Reported by Copyright (C) 2009 E-Soft Inc.Type 
openvas
 openvas
🔗 plugins.openvas.org👁 32 Views

Mandriva Security Advisory MDVSA-2009:291 (jetty5) - Vulnerability in HTTP serve

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2009-1523
5 May 200917:00
cvelist
Cvelist
CVE-2011-4404
19 Nov 201102:00
cvelist
UbuntuCve
CVE-2009-1523
5 May 200900:00
ubuntucve
UbuntuCve
CVE-2011-4404
19 Nov 201100:00
ubuntucve
Veracode
Directory Traversal
8 Nov 201806:30
veracode
Tenable Nessus
Mandriva Linux Security Advisory : jetty5 (MDVSA-2009:291)
30 Oct 200900:00
nessus
Tenable Nessus
openSUSE Security Update : jetty5 (jetty5-1531)
11 Nov 200900:00
nessus
Tenable Nessus
Fedora 9 : jetty-5.1.15-3.fc9 (2009-5500)
27 May 200900:00
nessus
Tenable Nessus
VMSA-2010-0012 : VMware vCenter Update Manager Fix for Jetty Web Server
17 Feb 201100:00
nessus
Tenable Nessus
Fedora 11 : jetty-5.1.15-4.fc11 (2009-5509)
27 May 200900:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2009 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.66126");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2009-11-11 15:56:44 +0100 (Wed, 11 Nov 2009)");
  script_cve_id("CVE-2009-1523");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_name("Mandriva Security Advisory MDVSA-2009:291 (jetty5)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 E-Soft Inc.");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/rpms", re:"ssh/login/release=MNDK_(2009\.0|2009\.1)");
  script_tag(name:"insight", value:"A vulnerability has been identified and corrected in jetty5:

Directory traversal vulnerability in the HTTP server in Mort Bay
Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows
remote attackers to access arbitrary files via directory traversal
sequences in the URI (CVE-2009-1523).

This update fixes this vulnerability.

Affected: 2009.0, 2009.1");
  script_tag(name:"solution", value:"To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.");

  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:291");
  script_tag(name:"summary", value:"The remote host is missing an update to jetty5
announced via advisory MDVSA-2009:291.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"jetty5", rpm:"jetty5~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-demo", rpm:"jetty5-demo~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-javadoc", rpm:"jetty5-javadoc~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-manual", rpm:"jetty5-manual~5.1.15~0.1.5.1.1mdv2009.0", rls:"MNDK_2009.0")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5", rpm:"jetty5~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-demo", rpm:"jetty5-demo~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-javadoc", rpm:"jetty5-javadoc~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"jetty5-manual", rpm:"jetty5-manual~5.1.15~0.1.5.1.1mdv2009.1", rls:"MNDK_2009.1")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo