Directory Traversal

2018-11-1307:08:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.004 Low

EPSS

Percentile

75.1%

JSON

jetty is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of values in the file path, allowing %2e%2e%5c to be interpreted as ../, hence serving the requested files and causing directory traversal attacks.

CPENameOperatorVersion
jetty serverle6.0.0
jetty serverle6.0.0beta3

CPE	Name	Operator	Version
	jetty server	le	6.0.0
	jetty server	le	6.0.0beta3

References

securitytracker.com/id?1016168

www.eclipse.org/jetty/documentation/9.4.x/security-reports.html

0.004 Low

EPSS

Percentile

75.1%

JSON

Related for VERACODE:7776