Mandriva Security Advisory MDVSA-2009:291 (jetty5) Network Vulnerability

Summary

The remote host is missing an update to jetty5 announced via advisory MDVSA-2009:291.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:291

Insight

A vulnerability has been identified and corrected in jetty5: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI (CVE-2009-1523). This update fixes this vulnerability. Affected: 2009.0, 2009.1

Severity

Classification

CVE CVE-2009-1523
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:117 (ntp)
Mandrake Security Advisory MDVSA-2009:136 (tomcat5)
Mandrake Security Advisory MDVSA-2009:026 (phpMyAdmin)
Mandrake Security Advisory MDVSA-2009:138 (tomcat5)
Mandrake Security Advisory MDVSA-2009:161-1 (squid)

Take action and discover your vulnerabilities