Veracode Vulnerability DatabaseVERACODE:7781

HistoryNov 14, 2018 - 12:52 a.m.

Directory Traversal

2018-11-1400:52:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Jetty is vulnerable to directory traversal. A remote attacker is able to retrieve contents of JSP pages via URL-encoded backslash character %5C.

CPENameOperatorVersion
jetty serverle4.2.12
org.mortbay.jetty:org.mortbay.jettyle5.1.11
org.mortbay.jetty:org.mortbay.jetty.plusle5.1.5

Name	Operator	Version
jetty server	le	4.2.12
org.mortbay.jetty:org.mortbay.jetty	le	5.1.11
org.mortbay.jetty:org.mortbay.jetty.plus	le	5.1.5

References

secunia.com/advisories/17659

secunia.com/advisories/22669

sourceforge.net/project/shownotes.php?release_id=372086&group_id=7322

www.securityfocus.com/archive/1/450315/100/0/threaded

www.securityfocus.com/bid/15515

www.vupen.com/english/advisories/2005/2515

www.securityfocus.com/archive/1/450315/100/0/threaded

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:7781