Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6672

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6672
Last Modified 29 Oct 2012 11:04:39
Published 08 Jan 2008 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6672

Summary

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.

Vulnerable Systems

Application

  • Mortbay Jetty Jetty 6.1.5

  • Mortbay Jetty Jetty 6.1.6


References

CERT-VN - VU#553235

VUPEN - ADV-2008-0079

BID - 27117

SECUNIA - 28322

CONFIRM - http://jira.codehaus.org/browse/JETTY/fixforversion/13950

CONFIRM - http://jira.codehaus.org/browse/JETTY-386#action_117699

MISC - http://www.igniterealtime.org/community/message/163752

SECUNIA - 28547

OSVDB - 39855


Last Updated: 27 May 2016 11:01:17