CVE-2009-1523 – org.mortbay.jetty:jetty

Package

Manager: maven
Name: org.mortbay.jetty:jetty
Vulnerable Version: >=0 <6.1.17 || >=7.0.0.m0 <7.0.0.m2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.27952 pctl0.96295

Details

Directory traversal in Mort Bay Jetty Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Metadata

Created: 2022-05-02T03:26:04Z
Modified: 2023-08-03T17:32:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9986-w5h5-vw59/GHSA-9986-w5h5-vw59.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-9986-w5h5-vw59
Finding: F063
Auto approve: 1