CVE-2007-5615 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <6.1.6rc0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05337 pctl0.8968

Details

Mortbay Jetty CRLF Injection Vulnerability CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Metadata

Created: 2022-05-01T18:35:01Z
Modified: 2023-09-21T23:12:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-966r-962g-2jq5/GHSA-966r-962g-2jq5.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-966r-962g-2jq5
Finding: F422
Auto approve: 1