189 matches found
CVE-2017-7658
In CVE-2017-7658, Eclipse Jetty had a flaw in how it handles HTTP requests when multiple Content-Length headers are present or when a Content-Length header accompanies a chunked encoding header. This could allow a forged or pipelined request to bypass intermediary authorization if the shorter len...
Information Disclosure
hadoop-common is vulnerable to information disclosure. The Jetty server version is leaked as a header in HTTP responses. Using this, attackers have a better idea of potential exploits which might work against the server...
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Vendor: Inductive Automation Product web page: http://www.inductiveautomation.com Affected version: 7.8.1 b2016012216 and 7.8.0 b2015101414 Platform: Java...
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Vendor: Inductive Automation Product web page: http://www.inductiveautomation.com Affected version: 7.8.1 b2016012216 and 7.8.0 b2015101414 Platform: Java Summary: Ignition is a powerful industrial application platform with full...
Inductive Automation Ignition 7.8.1 - Remote Leakage Of Shared Buffers
Inductive Automation Ignition 7.8.1 Remote Leakage Of Shared Buffers Vendor: Inductive Automation Product web page: http://www.inductiveautomation.com Affected version: 7.8.1 b2016012216 and 7.8.0 b2015101414 Platform: Java Summary: Ignition is a powerful industrial application platform with full...
The Java Debugger exploits and fixes-vulnerability warning-the black bar safety net
0x0 Foreword Recently found an interesting vulnerability-JAVA open the Debugger mode can execute arbitrary system commands. Need certain Use Conditions, you have to be open to debug the process of setting up a breakpoint, and then use this breakpoint to execute the command of the operation. 0x1...
JBOSS 3.2.1: JSP source code disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, jboss 3.2.1 with jetty seems to be vulnerable to jsp source code disclosure. Trying to access the ServerInfo.jsp with an suffixed "00" shows the source code of this JSP. Seems to be a forgotten debug feature :-...
Jetty 4.1 Servlet Engine - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5821/info Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms. It has been reported that Jetty does not properly sanitize requests. This could result in a user...
Other Web Servers vulnerable to %3f.jsp directory listing
I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...