logo

Database

Lack of data validation In org.mortbay.jetty:jetty

Description

Improper Input Validation in Mortbay Jetty jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2006-27592. NVD-2006-27593. OSV-2006-27594. GCVE-2006-2759

References

1. https://www.eclipse.org/jetty/about.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.