51 matches found
Jetty HTTP server directory traversal vulnerability
Overview: A vulnerability in the Jetty HTTP server could allow a remote attacker to gain access to files outside of the normal document tree. Description: Jetty provides an HTTP server, HTTP client, and javax.servlet container. An error in the way canonical paths are interpreted in the HTTP server'...
[SECURITY] Fedora 9 Update: jetty-5.1.14-1jpp.2.fc9
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
CVE-2004-2478
The CVE-2004-2478 entry concerns Jetty HTTP Server in affected products (IBM Trading Partner Interchange < 4.2.4; CA Unicenter Web Services Distributed Management
CVE-2004-2478
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL...
CVE-2004-2381
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause a denial of service (memory usage and application crash) via HTTP requests with a large Content-Length...
CVE-2004-2381
CVE-2004-2381 affects the Jetty HTTP Server prior to 4.2.19. The vulnerability arises in HttpRequest.java handling of HTTP requests with a large Content-Length, allowing remote attackers over the network to cause memory usage growth and a denial of service (application crash). Affected products a...
CVE-2002-1178
The CVE-2002-1178 entry concerns a directory traversal vulnerability in the Jetty HTTP server’s CGIServlet (affected: Jetty CGIServlet prior to 4.1.0). An attacker can craft requests to the cgi-bin directory using ..\ sequences to trigger arbitrary command execution. The provided documents identi...
CVE-2002-1178
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory...