9 matches found
Astra Linux - уязвимость в jetty9
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary file whose name contains...
EUVD-2009-5003
Malware in sbrugna...
ROS-20241216-10
The Jetty servlet container vulnerability is related to the lack of control over internal resource consumption within DoSFilter. Exploitation of the vulnerability could allow an attacker acting remotely to repeatedly send crafted requests multiple times, cause an OutofMemory error, and finally...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. "The web shells are concealed within an unknown binary format and are designed to evade security...
jetty: Improper addition of quotation marks to user inputs in CgiServlet
A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...
Information Disclosure
jetty-util and jetty-servlet is vulnerable to information disclosures. When handling a query with bad characters that doesn't match the url-pattern, the application throws an InvalidPathException that shows the full path to the base resource directory of the web application...
wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Westpoint Security Advisory Title: Jetty CGIServlet Arbitrary Command Execution Risk Rating: Medium Software: Jetty Servlet Container Platforms: Win32 other platforms not tested Vendor URL: www.mortbay.org Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID: wp-02-0011.txt...
Jetty 4.1 Servlet Engine - Cross-Site Scripting
Jetty 4.1 Servlet Engine - Cross-Site Scripting source: https://www.securityfocus.com/bid/5821/info Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms. It has been reported that Jetty does not properly...