Lucene search
MitreCVE-2009-4609HistoryJan 13, 2010 - 8:30 p.m.
CVE-2009-4609
2010-01-1320:30:00
CWE-200
mitre
web.nvd.nist.gov
39
cve-2009-4609
mort bay jetty
information disclosure
remote attack
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.005
Percentile
77.1%
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
Affected configurations
Node
mortbayjettyMatch6.0.0
ORmortbayjettyMatch6.0.0alpha0
ORmortbayjettyMatch6.0.0alpha1
ORmortbayjettyMatch6.0.0alpha2
ORmortbayjettyMatch6.0.0alpha3
ORmortbayjettyMatch6.0.0beta0
ORmortbayjettyMatch6.0.0beta1
ORmortbayjettyMatch6.0.0beta10
ORmortbayjettyMatch6.0.0beta11
ORmortbayjettyMatch6.0.0beta12
ORmortbayjettyMatch6.0.0beta14
ORmortbayjettyMatch6.0.0beta15
ORmortbayjettyMatch6.0.0beta16
ORmortbayjettyMatch6.0.0beta17
ORmortbayjettyMatch6.0.0beta2
ORmortbayjettyMatch6.0.0beta3
ORmortbayjettyMatch6.0.0beta4
ORmortbayjettyMatch6.0.0beta5
ORmortbayjettyMatch6.0.0beta6
ORmortbayjettyMatch6.0.0beta7
ORmortbayjettyMatch6.0.0beta8
ORmortbayjettyMatch6.0.0beta9
ORmortbayjettyMatch6.0.0betax
ORmortbayjettyMatch6.0.0rc0
ORmortbayjettyMatch6.0.0rc1
ORmortbayjettyMatch6.0.0rc2
ORmortbayjettyMatch6.0.0rc3
ORmortbayjettyMatch6.0.0rc4
ORmortbayjettyMatch6.0.1
ORmortbayjettyMatch6.0.2
ORmortbayjettyMatch6.1.0
ORmortbayjettyMatch6.1.0pre0
ORmortbayjettyMatch6.1.0pre1
ORmortbayjettyMatch6.1.0pre2
ORmortbayjettyMatch6.1.0pre3
ORmortbayjettyMatch6.1.0rc0
ORmortbayjettyMatch6.1.0rc1
ORmortbayjettyMatch6.1.0rc2
ORmortbayjettyMatch6.1.0rc3
ORmortbayjettyMatch6.1.1
ORmortbayjettyMatch6.1.1rc0
ORmortbayjettyMatch6.1.2
ORmortbayjettyMatch6.1.2pre0
ORmortbayjettyMatch6.1.2pre1
ORmortbayjettyMatch6.1.2rc0
ORmortbayjettyMatch6.1.2rc1
ORmortbayjettyMatch6.1.2rc2
ORmortbayjettyMatch6.1.2rc3
ORmortbayjettyMatch6.1.2rc4
ORmortbayjettyMatch6.1.2rc5
ORmortbayjettyMatch6.1.3
ORmortbayjettyMatch6.1.4
ORmortbayjettyMatch6.1.4rc0
ORmortbayjettyMatch6.1.4rc1
ORmortbayjettyMatch6.1.5
ORmortbayjettyMatch6.1.5rc0
ORmortbayjettyMatch6.1.6
ORmortbayjettyMatch6.1.6rc0
ORmortbayjettyMatch6.1.6rc1
ORmortbayjettyMatch6.1.7
ORmortbayjettyMatch6.1.8
ORmortbayjettyMatch6.1.9
ORmortbayjettyMatch6.1.10
ORmortbayjettyMatch6.1.11
ORmortbayjettyMatch6.1.12
ORmortbayjettyMatch6.1.12rc1
ORmortbayjettyMatch6.1.12rc2
ORmortbayjettyMatch6.1.12rc3
ORmortbayjettyMatch6.1.12rc4
ORmortbayjettyMatch6.1.12rc5
ORmortbayjettyMatch6.1.14
ORmortbayjettyMatch6.1.15
ORmortbayjettyMatch6.1.15pre0
ORmortbayjettyMatch6.1.15rc2
ORmortbayjettyMatch6.1.15rc3
ORmortbayjettyMatch6.1.15rc4
ORmortbayjettyMatch6.1.15rc5
ORmortbayjettyMatch6.1.16
ORmortbayjettyMatch6.1.19
ORmortbayjettyMatch6.1.20
ORmortbayjettyMatch7.0.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:*:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:alpha0:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:alpha1:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:alpha2:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:alpha3:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:beta0:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:beta1:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:beta10:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:beta11:*:*:*:*:*:* |
| mortbay | jetty | 6.0.0 | cpe:2.3:a:mortbay:jetty:6.0.0:beta12:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2010-01-13 20:30:00
nvd
nvd
CVE-2009-4609
2010-01-13 20:30:00
cvelist
cvelist
CVE-2009-4609
2010-01-13 20:00:00
ubuntucve
ubuntucve
CVE-2009-4609
2010-01-13 00:00:00
veracode
veracode
Information Disclosure
2019-03-25 08:40:43
openvas
openvas
Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check
2010-02-02 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.005
Percentile
77.1%
Related for CVE-2009-4609