PRIOn knowledge basePRION:CVE-2009-4611Design/Logic Flaw
8.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window’s title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jetty | eq | 6.1.5 | |
| jetty | eq | 6.1.0 | |
| jetty | eq | 6.1.12 rc3 | |
| jetty | eq | 6.0.0 beta14 | |
| jetty | eq | 6.1.0 pre3 | |
| jetty | eq | 6.1.0 rc1 | |
| jetty | eq | 6.1.15 pre0 | |
| jetty | eq | 6.0.0 beta9 | |
| jetty | eq | 6.0.0 beta2 | |
| jetty | eq | 6.0.0 beta15 |
Related
8.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%