CVE-2009-1523

Published: 05/05/2009 Updated: 23/10/2012
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x prior to 6.1.17, and 7.x up to and including 7.0.0.M2 allows remote malicious users to access arbitrary files via directory traversal sequences in the URI.

Vulnerable Product

mortbay jetty 6.1.15

mortbay jetty 6.1.12

mortbay jetty 6.1.6

mortbay jetty 6.1.5

mortbay jetty 6.1.2

mortbay jetty 6.1.1

mortbay jetty 5.1.13

mortbay jetty 5.1.14

mortbay jetty 6.0.1

mortbay jetty 6.0.0

mortbay jetty 5.1.8

mortbay jetty 5.1.7

mortbay jetty 5.1.4

mortbay jetty 5.1.3

mortbay jetty 5.1.1

mortbay jetty 5.1.0

mortbay jetty 5.1

mortbay jetty 5.0.0

mortbay jetty 4.2.22

mortbay jetty 4.2.16

mortbay jetty 5.0

mortbay jetty 4.2.14

mortbay jetty 4.2.10

mortbay jetty 4.2.9

mortbay jetty 4.2.4

mortbay jetty 4.1.3

mortbay jetty 4.0.6

mortbay jetty 4.1.0

mortbay jetty 4.1.d2

mortbay jetty 3.1.8

mortbay jetty 4.0.1

mortbay jetty 3.1.6

mortbay jetty 4.0.b2

mortbay jetty 4.0.d0

mortbay jetty 3.1.5

mortbay jetty 3.1

mortbay jetty 3.0.6

mortbay jetty 3.0.5

mortbay jetty

mortbay jetty 6.1.9

mortbay jetty 6.1.8

mortbay jetty 6.1.4

mortbay jetty 6.1.0

mortbay jetty 5.1.10

mortbay jetty 4.2.25

mortbay jetty 5.1.5

mortbay jetty 4.2.24

mortbay jetty 4.2.23

mortbay jetty 5.1.2

mortbay jetty 4.2.20

mortbay jetty 4.2.19

mortbay jetty 4.2.15

mortbay jetty 4.2.12

mortbay jetty 4.2.8_01

mortbay jetty 4.2.7

mortbay jetty 4.2.1

mortbay jetty 4.2.0

mortbay jetty 4.1.4

mortbay jetty 4.1.1

mortbay jetty 4.0.5

mortbay jetty 4.1.d1

mortbay jetty 4.0.2

mortbay jetty 4.0

mortbay jetty 4.0.d4

mortbay jetty 4.0.d3

mortbay jetty 3.1.1

mortbay jetty 3.1.0

mortbay jetty 3.0.2

mortbay jetty 3.0.1

mortbay jetty 3.0.0

mortbay jetty 3.0.b03

mortbay jetty 3.0.b02

mortbay jetty 3.0.a94

mortbay jetty 3.0.a93

mortbay jetty 2.4.1

mortbay jetty 2.4.0

mortbay jetty 2.3.0a

mortbay jetty 2.2.8

mortbay jetty 2.2.1

mortbay jetty 2.2.0

mortbay jetty 6.1.7

mortbay jetty 6.1.3

mortbay jetty 6.0.2

mortbay jetty 5.1.11

mortbay jetty 4.2.26

mortbay jetty 5.1.9

mortbay jetty 4.2.18

mortbay jetty 4.2.17

mortbay jetty 4.2.6

mortbay jetty 4.2.5

mortbay jetty 4.1.b1

mortbay jetty 4.1.b0

mortbay jetty 4.1.d0

mortbay jetty 3.1.7

mortbay jetty 4.0.d2

mortbay jetty 4.0.d1

mortbay jetty 2.4.9

mortbay jetty 2.4.8

mortbay jetty 3.0.b01

mortbay jetty 3.0.a99

mortbay jetty 3.0.a92

mortbay jetty 3.0.a91

mortbay jetty 3.0.a90

mortbay jetty 2.3.5

mortbay jetty 2.3.4

mortbay jetty 2.2.7

mortbay jetty 2.2.6

mortbay jetty 2.2

mortbay jetty 2.1.5

mortbay jetty 2.1.4

mortbay jetty 2.0.4

mortbay jetty 2.0.5

mortbay jetty 5.1.12

mortbay jetty 6.1.14

mortbay jetty 6.1.11

mortbay jetty 6.1.10

mortbay jetty 4.2.27

mortbay jetty 5.1.6

mortbay jetty 4.2.21

mortbay jetty 4.2.3

mortbay jetty 4.2.2

mortbay jetty 4.1.2

mortbay jetty 3.1.9

mortbay jetty 4.0.4

mortbay jetty 4.0.3

mortbay jetty 4.0.0

mortbay jetty 4.0.b1

mortbay jetty 4.0.b0

mortbay jetty 3.1.4

mortbay jetty 3.1.3

mortbay jetty 3.1.2

mortbay jetty 3.0.4

mortbay jetty 3.0.3

mortbay jetty 3.0.b05

mortbay jetty 3.0.b04

mortbay jetty 3.0.a96

mortbay jetty 3.0.a95

mortbay jetty 2.4.3

mortbay jetty 2.4.2

mortbay jetty 2.3.1

mortbay jetty 2.3.0

mortbay jetty 2.2.3

mortbay jetty 2.2.2

mortbay jetty 2.1.1

mortbay jetty 2.1.0

mortbay jetty 2.0.1

mortbay jetty 2.0.0

mortbay jetty 1.3.2

mortbay jetty 1.3.1

mortbay jetty 3.0.a9

mortbay jetty 3.0.a8

mortbay jetty 3.0.a1

mortbay jetty 3.0.a0

mortbay jetty 7.0.0

mortbay jetty 2.4.7

mortbay jetty 2.4.6

mortbay jetty 3.0.a98

mortbay jetty 3.0.a97

mortbay jetty 2.4.5

mortbay jetty 2.4.4

mortbay jetty 2.3.3

mortbay jetty 2.3.2

mortbay jetty 2.2.5

mortbay jetty 2.2.4

mortbay jetty 2.1.3

mortbay jetty 2.1.2

mortbay jetty 2.0.3

mortbay jetty 2.0.2

mortbay jetty 1.3.4

mortbay jetty 1.3.3

mortbay jetty 1.0.1

mortbay jetty 1.0

mortbay jetty 3.0.a3

mortbay jetty 3.0.a2

mortbay jetty 2.0

mortbay jetty 1.3.5

mortbay jetty 1.1.1

mortbay jetty 1.1

mortbay jetty 3.0.a5

mortbay jetty 3.0.a4

mortbay jetty 2.1.7

mortbay jetty 2.1.6

mortbay jetty 2.1.b1

mortbay jetty 2.1.b0

mortbay jetty 1.3.0

mortbay jetty 1.2.0

mortbay jetty 3.0.a7

mortbay jetty 3.0.a6

Vendor Advisories

Debian Bug report logs - #528389 CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Luciano Bello <luciano@debian.org> Date: Tue, 12 May 2009 16:09:04 UTC Sev ...
Debian Bug report logs - #527571 CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> Date: Fri, 8 May 2009 08:42:00 UTC Severity: ...
Debian Bug report logs - #454529 CVE-2007-5615: CRLF injection vulnerability Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> Date: Wed, 5 Dec 2007 22:42:01 UTC Severity: important Tags: security ...

Exploits

source: www.securityfocus.com/bid/50723/info. Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks ...
# Exploit Title:VMware Update Manager Directory Traversal # Date:18/11/2011 # Author: Alexey Sintsov # Software Link: www.vmware.com/ # Version:202 # Tested on: Windows 2003 / vCenter Update Manager 41 U1 # CVE : CVE-2011-4404 DSECRG-11-042 VMware Update Manager - Directory Traversal Application: VMware Update Manager Versions Affect ...