CVE-2005-3747 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <5.1.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.17313 pctl0.94791

Details

Mortbay Jetty Discloses JSP Source Code Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (`%5C`) characters. NOTE: this might be the same issue as CVE-2006-2758.

Metadata

Created: 2022-05-01T02:20:38Z
Modified: 2023-09-18T23:46:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwq3-qp8v-w8q3/GHSA-cwq3-qp8v-w8q3.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-cwq3-qp8v-w8q3
Finding: F308
Auto approve: 1