17 matches found
Apache ActiveMQ JSP Files Source Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ JSP Files Source Disclosure', 'Description' = %q This module exploits a source code disclosure in Apache ActiveMQ. The...
Apache ActiveMQ Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache ActiveMQ Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and...
K01869532: Eclipse Jetty vulnerability CVE-2019-10241
Security Advisory Description In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of...
Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...
GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...
jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...
jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...
CVE-2019-10241
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...
Eclipse Jetty XSS Vulnerability (CVE-2019-10241) - Linux
Eclipse Jetty is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty...
GHSA-7VX9-XJHR-RW6H Cross-site Scripting in Eclipse Jetty
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...
EUVD-2019-0408
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents...
Apache ActiveMQ JSP Files Source Disclosure
This module exploits a source code disclosure in Apache ActiveMQ. The vulnerability is due to the Jetty's ResourceHandler handling of specially crafted URI's starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1 over Windows 2003 SP2 and Ubuntu 10.04. This module requires...
CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...
CVE-2010-1587
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // slash slash initial substring in a URI for 1 admin/index.jsp, 2 admin/queues.jsp, or 3 admin/topics.jsp...
CVE-2010-1587
The CVE-2010-1587 issue affects Apache ActiveMQ with the Jetty ResourceHandler. It enables a remote attacker to disclose JSP source code by sending a URI beginning with // that targets (admin/index.jsp, admin/queues.jsp, or admin/topics.jsp). Affected products/versions are ActiveMQ 5.x before 5.3...
Apache ActiveMQ Double Slash Request Source Code Disclosure
The version of Apache ActiveMQ hosted on the remote web server is affected by a source code disclosure vulnerability in the Jetty ResourceHandler when handling requests to a JSP file with additional leading slashes. A remote attacker can exploit this to disclose the source code of pages, which ma...
Jetty HTTP server directory traversal vulnerability
Overview A vulnerability in the Jetty HTTP server could allow a remote attacker to gain access to files outside of the normal document tree. Description Jetty provides an HTTP server, HTTP client, and javax.servlet container. An error in the way canonical paths are interpreted in the HTTP server'...