CVE-2009-1524

Published: 05/05/2009 Updated: 20/07/2010
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty prior to 6.1.17 allows remote malicious users to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Vulnerable Product

mortbay jetty 1.0.1

mortbay jetty 6.1.5

mortbay jetty 6.1.0

mortbay jetty 6.1.12

mortbay jetty 4.2.25

mortbay jetty 5.1.3

mortbay jetty 6.0.0

mortbay jetty 1.3.1

mortbay jetty 3.0.a3

mortbay jetty 1.3.4

mortbay jetty 4.2.22

mortbay jetty 3.1.8

mortbay jetty 3.0.a0

mortbay jetty 6.1.15

mortbay jetty 4.2.1

mortbay jetty 2.0.4

mortbay jetty 2.2

mortbay jetty 2.2.8

mortbay jetty 5.1.2

mortbay jetty 5.1.5

mortbay jetty 5.1.13

mortbay jetty 3.0.a95

mortbay jetty 4.2.9

mortbay jetty 3.0.0

mortbay jetty 5.0

mortbay jetty 2.1.1

mortbay jetty 3.0.a97

mortbay jetty 6.1.14

mortbay jetty 2.0

mortbay jetty 6.1.11

mortbay jetty 3.0.a99

mortbay jetty 4.0.b2

mortbay jetty 2.3.2

mortbay jetty 2.4.9

mortbay jetty 4.0.5

mortbay jetty 4.0.0

mortbay jetty 4.0.d4

mortbay jetty 5.1.4

mortbay jetty 3.0.a6

mortbay jetty 6.1.4

mortbay jetty 5.1.8

mortbay jetty 2.1.b1

mortbay jetty 4.1.1

mortbay jetty 6.1.10

mortbay jetty 2.3.1

mortbay jetty 5.1.10

mortbay jetty 3.1

mortbay jetty 4.2.10

mortbay jetty 3.0.2

mortbay jetty 6.0.1

mortbay jetty 2.3.0a

mortbay jetty 4.2.0

mortbay jetty 2.4.2

mortbay jetty 5.1.1

mortbay jetty 5.1.6

mortbay jetty 4.2.16

mortbay jetty 3.0.a7

mortbay jetty 2.1.5

mortbay jetty 2.0.1

mortbay jetty 3.0.1

mortbay jetty 6.1.6

mortbay jetty 3.0.a96

mortbay jetty 2.3.3

mortbay jetty 2.1.2

mortbay jetty 1.3.3

mortbay jetty 4.0.2

mortbay jetty 4.2.23

mortbay jetty 3.1.0

mortbay jetty 4.2.12

mortbay jetty 6.1.2

mortbay jetty 4.2.17

mortbay jetty 2.2.3

mortbay jetty 4.1.b0

mortbay jetty 2.4.6

mortbay jetty 6.1.1

mortbay jetty 4.1.3

mortbay jetty 3.1.5

mortbay jetty 2.3.0

mortbay jetty 4.2.5

mortbay jetty 6.1.3

mortbay jetty 1.1.1

mortbay jetty 2.0.2

mortbay jetty 2.0.0

mortbay jetty 3.0.6

mortbay jetty 3.0.a9

mortbay jetty 4.1.0

mortbay jetty 4.2.26

mortbay jetty 4.0.d3

mortbay jetty 3.1.2

mortbay jetty 4.0.6

mortbay jetty 1.3.2

mortbay jetty 2.4.4

mortbay jetty 5.1.12

mortbay jetty 3.0.b01

mortbay jetty 4.2.21

mortbay jetty 3.0.b02

mortbay jetty 4.2.24

mortbay jetty 2.4.3

mortbay jetty 4.1.d2

mortbay jetty 2.1.6

mortbay jetty 4.2.4

mortbay jetty 3.0.5

mortbay jetty 3.0.a92

mortbay jetty 4.0.3

mortbay jetty 1.3.5

mortbay jetty 3.0.a90

mortbay jetty 5.1.11

mortbay jetty 4.2.14

mortbay jetty 1.1

mortbay jetty 4.0.1

mortbay jetty 2.2.6

mortbay jetty 4.1.b1

mortbay jetty 2.4.5

mortbay jetty 3.0.a2

mortbay jetty 3.1.6

mortbay jetty 4.2.20

mortbay jetty 2.2.2

mortbay jetty 3.1.3

mortbay jetty 4.0.4

mortbay jetty 2.3.4

mortbay jetty 2.1.4

mortbay jetty 3.0.a91

mortbay jetty 4.0

mortbay jetty 2.0.5

mortbay jetty 4.0.d0

mortbay jetty 3.0.a4

mortbay jetty 3.0.b05

mortbay jetty 5.0.0

mortbay jetty 4.2.6

mortbay jetty 2.2.5

mortbay jetty 3.0.a5

mortbay jetty 4.2.8 01

mortbay jetty 3.0.b03

mortbay jetty 2.3.5

mortbay jetty 2.1.3

mortbay jetty 4.1.2

mortbay jetty 4.2.3

mortbay jetty 6.1.8

mortbay jetty 3.1.9

mortbay jetty 2.4.0

mortbay jetty 2.2.0

mortbay jetty 5.1.7

mortbay jetty 1.2.0

mortbay jetty 2.2.7

mortbay jetty 2.2.1

mortbay jetty 4.2.19

mortbay jetty 3.0.4

mortbay jetty 4.0.d2

mortbay jetty 5.1.0

mortbay jetty 3.0.a98

mortbay jetty 4.2.15

mortbay jetty 4.1.d1

mortbay jetty 4.0.d1

mortbay jetty 4.1.4

mortbay jetty 1.3.0

mortbay jetty 4.2.7

mortbay jetty 3.1.4

mortbay jetty 2.1.b0

mortbay jetty 2.4.8

mortbay jetty 6.1.7

mortbay jetty 3.0.a94

mortbay jetty 5.1

mortbay jetty 3.1.1

mortbay jetty 4.1.d0

mortbay jetty 2.2.4

mortbay jetty 4.0.b0

mortbay jetty 3.0.a1

mortbay jetty 3.0.3

mortbay jetty 2.1.7

mortbay jetty 4.2.2

mortbay jetty 3.0.b04

mortbay jetty 3.0.a8

mortbay jetty 4.2.18

mortbay jetty 4.0.b1

mortbay jetty 3.1.7

mortbay jetty 3.0.a93

mortbay jetty 5.1.9

mortbay jetty 4.2.27

mortbay jetty 6.1.9

mortbay jetty 2.1.0

mortbay jetty 2.4.1

mortbay jetty 6.0.2

mortbay jetty 1.0

mortbay jetty 2.4.7

mortbay jetty 2.0.3

mortbay jetty 5.1.14

mortbay jetty

Vendor Advisories

Debian Bug report logs - #528389 CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Luciano Bello <luciano@debian.org> Date: Tue, 12 May 2009 16:09:04 UTC Sev ...
Debian Bug report logs - #527571 CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> Date: Fri, 8 May 2009 08:42:00 UTC Severity: ...
Debian Bug report logs - #454529 CVE-2007-5615: CRLF injection vulnerability Package: jetty; Maintainer for jetty is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Steffen Joeris <steffenjoeris@skolelinux.de> Date: Wed, 5 Dec 2007 22:42:01 UTC Severity: important Tags: security ...

Mailing Lists

On Thu, 23 Aug 2018 at 16:22, <1n3 () hushmail com> wrote: The demise of the MortBay and Codehaus websites doesn't help, this isn't the sort of forensics I expected to do. web.archive.org/web/20090709110650/jira.codehaus.org/browse/JETTY-980 Suggests semicolon after any directory listing, led to inclusion of the text after ...
On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure < fulldisclosure () seclists org> wrote: Is this CVE-2009-1524? If so fixed in 6.1.17, April 2009.
It's likely CVE-2009-1524, but the description is vague and no public PoC was released as far as I can tell. On 8/23/2018 at 2:00 AM, "Simon Waters" wrote: On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure wrote: Title: Jetty 6.1.6 Cross-Site Scripting Date: 8/14/2018 Author: 1N3@CrowdShield - crowdshield.com Software Link: http ...