Description

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

Remediation

References

http://securitytracker.com/id?1016168

Related Vulnerabilities

CVE-2017-16220 Vulnerability in npm package wind-mvc

CVE-2018-3738 Vulnerability in npm package protobufjs

CVE-2023-41578 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-parent

CVE-2017-16166 Vulnerability in npm package byucslabsix

CVE-2021-41251 Vulnerability in npm package @sap-cloud-sdk/core

Severity

Critical

Tags

Exploit NVD-CWE-Other