Jetty is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information. Jetty 6.1.16 and prior versions are affected.
The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html for more information.
Updated on 2015-03-25
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- IBM WebSphere Application Server Administration Console DoS vulnerability
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability