Summary
Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
Jetty 6.1.16 and prior versions are affected.
Solution
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-1523 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)
- IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability
- CERN HTTPD access control bypass
- Apache Tomcat Denial Of Service Vulnerability (Windows)
- Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)