FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jetty -- multiple vulnerabilities

Affected packages
jetty < 6.1.6

Details

VuXML ID 6ae7cef2-a6ae-11dc-95e6-000c29c5647f
Discovery 2007-12-05
Entry 2007-12-10

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

[source]

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

[source]

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

[source]

References

CERT/CC Vulnerability Note 212984
CERT/CC Vulnerability Note 237888
CERT/CC Vulnerability Note 438616
CVE Name CVE-2007-5613
CVE Name CVE-2007-5614
CVE Name CVE-2007-5615
URL http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.