Fluid Attacks Database

Description

Mortbay Jetty Discloses JSP Source Code Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.mortbay.jetty:jetty	>=0 <5.1.6	5.1.6

Aliases

1. CVE-2005-37472. NVD-2005-37473. OSV-2005-37474. GCVE-2005-3747

References

1. http://sourceforge.net/project/shownotes.php?release_id=372086&group_id=73222. http://www.securityfocus.com/archive/1/450315/100/0/threaded3. http://www.securityfocus.com/bid/15515

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.