Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2024/02/13 2:45 p.m.3 views

jetty: Improper addition of quotation marks to user inputs in CgiServlet

A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...

3.5CVSS7.3AI score0.01006EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/09/19 1:56 a.m.5 views

SUSE CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS8AI score0.01006EPSS
Exploits1References4
OSV
OSV
added 2023/09/15 7:15 p.m.5 views

DEBIAN-CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.1CVSS6.2AI score0.01006EPSS
Exploits1References1
OSV
OSV
added 2023/09/15 7:15 p.m.2 views

UBUNTU-CVE-2023-36479

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, th...

3.5CVSS6.8AI score0.01006EPSS
Exploits1References6
OSV
OSV
added 2023/09/14 4:16 p.m.2 views

GHSA-3GH6-V5V9-6V9J Jetty vulnerable to errant command quoting in CGI Servlet

If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the...

3.5CVSS6.9AI score0.01006EPSS
Exploits1References8
Rows per page
Query Builder