Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5614

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5614
Last Modified 10 Jun 2009 01:09:57
Published 05 Dec 2007 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5614

Summary

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Vulnerable Systems

Application

  • Mortbay Jetty Jetty 1.0

  • Mortbay Jetty Jetty 2.4

  • Mortbay Jetty Jetty 3.0

  • Mortbay Jetty Jetty 3.1

  • Mortbay Jetty Jetty 4.0

  • Mortbay Jetty Jetty 4.1

  • Mortbay Jetty Jetty 4.2

  • Mortbay Jetty Jetty 5

  • Mortbay Jetty Jetty 5.1

  • Mortbay Jetty Jetty 6

  • Mortbay Jetty Jetty 6.1


References

CERT-VN - VU#438616

FEDORA - FEDORA-2008-6164

FEDORA - FEDORA-2008-6141

CONFIRM - http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt

SECUNIA - 35143

SECUNIA - 30941

OSVDB - 42496

BID - 26695

SECUNIA - 27925


Last Updated: 27 May 2016 10:46:13