3 matches found
Design/Logic Flaw
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable...
Jetty CookieDump.java Sample Application Persistent XSS
The installed version of Mort Bay Jetty includes a sample web application, 'CookieDump.java', that allows for setting arbitrary cookies through user input to the 'Name' and 'Value' GET parameters to '/cookie' and in turn uses those without sanitizing them to generate dynamic HTML output. An...
jetty 6.x - 7.x xss information disclosure injection
No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...