3 matches found
Code injection
jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...
CVE-2006-2758
Directory traversal vulnerability in jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c encoded ../ in the URL. NOTE: this might be the same issue as CVE-2005-3747...
CVE-2006-2758
CVE-2006-2758 is a directory traversal vulnerability in Jetty 6.0.x (jetty6) beta16. A remote attacker can read arbitrary files by using an encoded path like %2e%2e%5c (../) in the URL, potentially impacting confidentiality. The issue is noted to possibly be the same as CVE-2005-3747. The connect...