Jetty HTTP Server CGIServlet Double Dot Arbitrary File Access

2002-10-01T00:00:00
ID OSVDB:8948
Type osvdb
Reporter OSVDB
Modified 2002-10-01T00:00:00

Description

Solution Description

Upgrade to version 4.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL Other Advisory URL: http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt Keyword: Directory Traversal ISS X-Force ID: 10246 CVE-2002-1178 Bugtraq ID: 5852