Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
Updated on 2015-03-25
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
- BadBlue invalid null byte vulnerability
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability