Lucene search
+L

28 matches found

nvd
nvd
added 2026/06/25 2:16 p.m.10 views

CVE-2026-56122

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
cve
cve
added 2026/06/25 1:34 p.m.15 views

CVE-2026-56122

Winstone Servlet Engine up to version 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences not sanitized when serving static files from the configured webroot. Attackers can traverse ...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/25 1:34 p.m.40 views

CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
euvd
euvd
added 2026/06/25 1:34 p.m.6 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.11 views

PT-2026-52437

Name of the Vulnerable Software and Affected Versions Winstone Servlet Engine versions prior to 0.9.11 Description A path traversal flaw exists when serving static files from the configured webroot. Unauthenticated attackers can read arbitrary files accessible to the servlet engine process,...

8.7CVSS5.9AI score0.00377EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-2107

Malware in sbrugna...

5CVSS6AI score0.01548EPSS
Exploits0References7
susecve
susecve
added 2023/02/15 5:30 a.m.3 views

SUSE CVE-2014-2060

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

5CVSS6.6AI score0.01548EPSS
Exploits0References3
snyk
snyk
added 2022/05/17 3:53 a.m.2 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to Cross-site Scripting XSS via error messages. An attacker can inject arbitrary web script or HTML by crafting malicious input that triggers these error messages. Details...

3.7CVSS5.3AI score0.01277EPSS
Exploits0References2
snyk
snyk
added 2022/05/17 3:53 a.m.1 views

User Impersonation

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to User Impersonation. An attacker can hijack user sessions by exploiting unspecified vectors. Remediation Upgrade org.jenkins-ci:winstone to version 0.9.10-jenkins-48 or...

9.3CVSS7.1AI score0.01548EPSS
Exploits0References2
osv
osv
added 2022/05/17 3:53 a.m.2 views

GHSA-9C26-CF8C-MW43 Jenkins allows Remote Attackers to Hijack Sessions

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

6.9CVSS5.9AI score0.01548EPSS
Exploits0References4
github
github
added 2022/05/17 3:53 a.m.12 views

Jenkins allows Remote Attackers to Hijack Sessions

The Winstone servlet container in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack sessions via unspecified vectors...

5CVSS6.7AI score0.01548EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2022/05/14 2:13 a.m.2 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci:winstone is a command line wrapper around Jetty. Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker with some degree of write access can inject arbitrary web script or HTML into generated pages. Note: This attack can be only mounted...

3.5CVSS5.2AI score0.01424EPSS
Exploits0References2
nessus
nessus
added 2021/11/18 12:0 a.m.41 views

Jenkins Enterprise and Operations Center < 2.249.31.0.1 / 2.277.3.1 DoS (CloudBees Security Advisory 2021-04-20)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.249.x prior to 2.249.31.0.1, or 2.x prior to 2.277.3.1. It is, therefore, affected by a denial of service vulnerability due to an issue with Winstone-Jetty. An unauthenticated, remote attacker can...

7.8CVSS7AI score0.53861EPSS
Exploits1References2
thn
thn
added 2020/08/18 9:55 a.m.7 views

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of...

9.4CVSS7.5AI score0.11138EPSS
Exploits0
veracode
veracode
added 2019/05/02 4:55 a.m.26 views

Session Hijacking

jenkins is vulnerable to session hijacking. The vulnerability exists in the winstone servlet container...

5CVSS6.1AI score0.05406EPSS
Exploits7References26Affected Software3
openvas
openvas
added 2016/08/04 12:0 a.m.30 views

Jenkins Winstone Servlet Cross Site Scripting Vulnerability (Nov 2011) - Windows

Jenkins is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...

2.6CVSS6AI score0.01277EPSS
Exploits0References2
zdt
zdt
added 2016/07/20 12:0 a.m.68 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting

Exploit for multiple platform in category web applications Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2016/07/20 12:0 a.m.41 views

Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation

...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2016/07/20 12:0 a.m.45 views

Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities Vendor: Wowza Media Systems, LLC. Product web page: https://www.wowza.com Affected version: 4.5.0 build 18676 Platform: JSP Summary: Wowza Streaming Engine is robust, customizable, and scalable server software that powers...

7.4AI score
Exploits0
openvas
openvas
added 2015/01/05 12:0 a.m.20 views

Fedora Update for jenkins-winstone FEDORA-2014-15776

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Rows per page
Query Builder