Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
Updated on 2015-03-25
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- JServ Cross Site Scripting
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- lighttpd Slow Request Handling Remote Denial Of Service Vulnerability