CVE-2007-5614 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <6.1.6

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.03491 pctl0.87125

Details

Improper Authentication in Mortbay Jetty Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Metadata

Created: 2022-05-01T18:35:01Z
Modified: 2022-06-08T22:32:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fvh3-4v5r-cvvc/GHSA-fvh3-4v5r-cvvc.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-fvh3-4v5r-cvvc
Finding: F039
Auto approve: 1