Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
Updated on 2015-03-25
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
- bozohttpd Security Bypass Vulnerability