CVE-2009-1524

Published: 05/05/2009 Updated: 20/07/2010
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty prior to 6.1.17 allows remote malicious users to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Product

mortbay jetty 6.1.15

mortbay jetty 6.1.12

mortbay jetty 6.1.11

mortbay jetty 6.1.6

mortbay jetty 6.1.5

mortbay jetty 6.1.2

mortbay jetty 6.1.1

mortbay jetty 6.1.0

mortbay jetty 5.1.14

mortbay jetty 4.2.27

mortbay jetty 6.0.0

mortbay jetty 5.1.7

mortbay jetty 5.1.3

mortbay jetty 4.2.24

mortbay jetty 5.1.2

mortbay jetty 5.1.0

mortbay jetty 6.0.2

mortbay jetty 5.1.13

mortbay jetty 4.2.26

mortbay jetty 6.0.1

mortbay jetty 5.1.8

mortbay jetty 5.1.4

mortbay jetty 5.1.1

mortbay jetty 5.0

mortbay jetty 5.0.0

mortbay jetty 4.2.17

mortbay jetty 4.2.16

mortbay jetty 4.2.14

mortbay jetty 4.2.10

mortbay jetty 4.2.5

mortbay jetty 4.2.4

mortbay jetty 4.2.0

mortbay jetty 4.1.0

mortbay jetty 4.1.b0

mortbay jetty 4.1.d2

mortbay jetty 4.1.d0

mortbay jetty 6.1.8

mortbay jetty 6.1.7

mortbay jetty 6.1.4

mortbay jetty 6.1.3

mortbay jetty 5.1.11

mortbay jetty 4.2.25

mortbay jetty 5.1.9

mortbay jetty 5.1.5

mortbay jetty 4.2.19

mortbay jetty 4.2.18

mortbay jetty 4.2.15

mortbay jetty 4.2.7

mortbay jetty 4.2.6

mortbay jetty 4.1.4

mortbay jetty 5.1

mortbay jetty 4.2.22

mortbay jetty 4.2.20

mortbay jetty 4.2.9

mortbay jetty 4.2.3

mortbay jetty 4.1.3

mortbay jetty 4.0.6

mortbay jetty 3.1.8

mortbay jetty 3.1.9

mortbay jetty 4.0.1

mortbay jetty 4.0.b2

mortbay jetty 4.0.b1

mortbay jetty 3.1.5

mortbay jetty 3.1.4

mortbay jetty 3.1

mortbay jetty 3.0.5

mortbay jetty 3.0.4

mortbay jetty 3.0.0

mortbay jetty 2.4.6

mortbay jetty 3.0.b05

mortbay jetty 3.0.a97

mortbay jetty 3.0.a96

mortbay jetty 2.4.5

mortbay jetty 2.4.4

mortbay jetty 2.4.3

mortbay jetty 2.3.2

mortbay jetty 2.3.1

mortbay jetty 2.2.4

mortbay jetty 2.2.3

mortbay jetty 2.2

mortbay jetty 2.1.2

mortbay jetty 2.1.1

mortbay jetty 2.0.2

mortbay jetty 2.0.1

mortbay jetty 1.3.3

mortbay jetty 1.3.2

mortbay jetty 1.0

mortbay jetty 3.0.a9

mortbay jetty 3.0.a2

mortbay jetty 3.0.a1

mortbay jetty 4.0.5

mortbay jetty 4.1.b1

mortbay jetty 4.1.d1

mortbay jetty 4.0.2

mortbay jetty 4.0

mortbay jetty 4.0.d3

mortbay jetty 4.0.d2

mortbay jetty 3.1.1

mortbay jetty 3.1.0

mortbay jetty 3.0.1

mortbay jetty 2.4.9

mortbay jetty 3.0.b02

mortbay jetty 3.0.b01

mortbay jetty 3.0.a93

mortbay jetty 3.0.a92

mortbay jetty 2.4.0

mortbay jetty 2.3.5

mortbay jetty 2.2.8

mortbay jetty 2.2.7

mortbay jetty 2.2.0

mortbay jetty 2.1.6

mortbay jetty 2.1.5

mortbay jetty 2.1.b0

mortbay jetty 2.0.4

mortbay jetty 2.0

mortbay jetty 1.2.0

mortbay jetty 1.1.1

mortbay jetty 3.0.a6

mortbay jetty 3.0.a5

mortbay jetty 3.1.7

mortbay jetty 3.1.6

mortbay jetty 4.0.d1

mortbay jetty 4.0.d0

mortbay jetty 3.0.6

mortbay jetty 2.4.8

mortbay jetty 2.4.7

mortbay jetty 3.0.a99

mortbay jetty 3.0.a98

mortbay jetty 3.0.a91

mortbay jetty 3.0.a90

mortbay jetty 2.3.4

mortbay jetty 2.3.3

mortbay jetty 2.2.6

mortbay jetty 2.2.5

mortbay jetty 2.1.4

mortbay jetty 2.1.3

mortbay jetty 2.0.5

mortbay jetty 2.0.3

mortbay jetty 1.3.5

mortbay jetty 1.3.4

mortbay jetty 1.1

mortbay jetty 1.0.1

mortbay jetty 3.0.a4

mortbay jetty 3.0.a3

mortbay jetty 5.1.12

mortbay jetty 6.1.14

mortbay jetty 6.1.10

mortbay jetty 6.1.9

mortbay jetty 5.1.10

mortbay jetty 5.1.6

mortbay jetty 4.2.23

mortbay jetty 4.2.21

mortbay jetty 4.2.12

mortbay jetty 4.2.8_01

mortbay jetty 4.2.2

mortbay jetty 4.2.1

mortbay jetty 4.1.2

mortbay jetty 4.1.1

mortbay jetty 4.0.4

mortbay jetty 4.0.3

mortbay jetty 4.0.0

mortbay jetty 4.0.b0

mortbay jetty 4.0.d4

mortbay jetty 3.1.3

mortbay jetty 3.1.2

mortbay jetty 3.0.3

mortbay jetty 3.0.2

mortbay jetty 3.0.b04

mortbay jetty 3.0.b03

mortbay jetty 3.0.a95

mortbay jetty 3.0.a94

mortbay jetty 2.4.2

mortbay jetty 2.4.1

mortbay jetty 2.3.0

mortbay jetty 2.3.0a

mortbay jetty 2.2.2

mortbay jetty 2.2.1

mortbay jetty 2.1.7

mortbay jetty 2.1.0

mortbay jetty 2.1.b1

mortbay jetty 2.0.0

mortbay jetty 1.3.1

mortbay jetty 1.3.0

mortbay jetty 3.0.a8

mortbay jetty 3.0.a7

mortbay jetty 3.0.a0

mortbay jetty

Vendor Advisories

Debian Bug report logs - #528389 CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Luciano Bello <luciano@debian.org> Date: Tue, 12 May 2009 16:09:04 UTC Sev ...
Debian Bug report logs - #527571 CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> Date: Fri, 8 May 2009 08:42:00 UTC Severity: ...
Debian Bug report logs - #454529 CVE-2007-5615: CRLF injection vulnerability Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> Date: Wed, 5 Dec 2007 22:42:01 UTC Severity: important Tags: security ...

Mailing Lists

Full Disclosure mailing list archives: Re: Jetty 6.1.6 Cross-Site Scripting (XSS) From: 1n3--- via Ful ...