10 matches found
GHSA-6JXP-7G74-2RC3 Improper input validation in Mort Bay Jetty
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...
CVE-2009-5047
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent...
PT-2019-6517 · Eclipse · Jetty
Name of the Vulnerable Software and Affected Versions: Jetty versions 6.x through 6.1.21
Description: The issue concerns an escape sequence injection vulnerability that can be exploited through two vectors: the "Cookie Dump Servlet" and the HTTP Content-Length header. Specifically, a POST request...
Eclipse Jetty Cross-Site Scripting Vulnerability (CNVD-2019-42375)
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the Cookie Dump Servlet in Eclipse Jetty versions prior to 6.1.22. The vulnerability stems from a lack of proper validation of client-side...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20...
Cross site scripting
Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20...
CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in Jetty through 6.1.20...
CVE-2009-5048
CVE-2009-5048 is a stored XSS in the Jetty project, specifically the Cookie Dump Servlet, affecting Jetty 6.1.x up to 6.1.20. The root cause is improper validation of user-supplied input in the Cookie Dump Servlet, enabling an attacker to inject script that could access cookie-based credentials. ...