logo

Database

Lack of data validation - Path Traversal In org.mortbay.jetty:jetty

Description

Jetty Directory Traversal Vulnerability Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2006-27582. NVD-2006-27583. OSV-2006-27584. GCVE-2006-2758

References

1. https://web.archive.org/web/20200302050157/http://securitytracker.com/id?1016168

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.