CVE-2007-6672 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=6.1.5 <6.1.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00618 pctl0.6904

Details

Mortbay Jetty Double Slash URI Information Disclosure Vulnerability Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple `/` (slash) characters in the URI.

Metadata

Created: 2022-05-01T18:45:22Z
Modified: 2023-08-22T23:30:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4jjw-xrr6-9v3p/GHSA-4jjw-xrr6-9v3p.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-4jjw-xrr6-9v3p
Finding: F063
Auto approve: 1