Fluid Attacks Database

Description

Mortbay Jetty Double Slash URI Information Disclosure Vulnerability Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple / (slash) characters in the URI.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.mortbay.jetty:jetty	>=6.1.5 <6.1.7	6.1.7

Aliases

1. CVE-2007-66722. NVD-2007-66723. OSV-2007-66724. GCVE-2007-6672

References

1. https://web.archive.org/web/20080113051254/http://www.kb.cert.org/vuls/id/5532352. https://web.archive.org/web/20080120225723/http://jira.codehaus.org/browse/JETTY-3863. https://web.archive.org/web/20080120225728/http://jira.codehaus.org/browse/JETTY/fixforversion/139504. https://web.archive.org/web/20080517012615/http://www.securityfocus.com/bid/27117

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.