Description

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

Remediation

References

http://securitytracker.com/id?1016168

Related Vulnerabilities

CVE-2020-12827 Vulnerability in maven package org.webjars.npm:mjml

CVE-2019-10757 Vulnerability in maven package org.webjars.npm:knex

CVE-2022-39353 Vulnerability in npm package @xmldom/xmldom

CVE-2021-26539 Vulnerability in npm package sanitize-html

CVE-2022-25927 Vulnerability in maven package org.webjars.npm:github-com-faisalman-ua-parser-js

Severity

Critical

Tags

Exploit NVD-CWE-Other