Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2009-4612
HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4612

2022-10-0316:24:05
CWE-79
[email protected]
web.nvd.nist.gov
43
cve-2009-4612
xss
cross-site scripting
vulnerability
webapp
jsp
snoop
mort bay jetty

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

Affected configurations

NVD
Node
mortbayjettyMatch6.1.0
OR
mortbayjettyMatch6.1.0pre0
OR
mortbayjettyMatch6.1.0pre1
OR
mortbayjettyMatch6.1.0pre2
OR
mortbayjettyMatch6.1.0pre3
OR
mortbayjettyMatch6.1.0rc0
OR
mortbayjettyMatch6.1.0rc1
OR
mortbayjettyMatch6.1.0rc2
OR
mortbayjettyMatch6.1.0rc3
OR
mortbayjettyMatch6.1.1
OR
mortbayjettyMatch6.1.1rc0
OR
mortbayjettyMatch6.1.2
OR
mortbayjettyMatch6.1.2pre0
OR
mortbayjettyMatch6.1.2pre1
OR
mortbayjettyMatch6.1.2rc0
OR
mortbayjettyMatch6.1.2rc1
OR
mortbayjettyMatch6.1.2rc2
OR
mortbayjettyMatch6.1.2rc3
OR
mortbayjettyMatch6.1.2rc4
OR
mortbayjettyMatch6.1.2rc5
OR
mortbayjettyMatch6.1.3
OR
mortbayjettyMatch6.1.4
OR
mortbayjettyMatch6.1.4rc0
OR
mortbayjettyMatch6.1.4rc1
OR
mortbayjettyMatch6.1.5
OR
mortbayjettyMatch6.1.5rc0
OR
mortbayjettyMatch6.1.6
OR
mortbayjettyMatch6.1.6rc0
OR
mortbayjettyMatch6.1.6rc1
OR
mortbayjettyMatch6.1.7
OR
mortbayjettyMatch6.1.8
OR
mortbayjettyMatch6.1.9
OR
mortbayjettyMatch6.1.10
OR
mortbayjettyMatch6.1.11
OR
mortbayjettyMatch6.1.12
OR
mortbayjettyMatch6.1.12rc1
OR
mortbayjettyMatch6.1.12rc2
OR
mortbayjettyMatch6.1.12rc3
OR
mortbayjettyMatch6.1.12rc4
OR
mortbayjettyMatch6.1.12rc5
OR
mortbayjettyMatch6.1.14
OR
mortbayjettyMatch6.1.15
OR
mortbayjettyMatch6.1.15pre0
OR
mortbayjettyMatch6.1.15rc2
OR
mortbayjettyMatch6.1.15rc3
OR
mortbayjettyMatch6.1.15rc4
OR
mortbayjettyMatch6.1.15rc5
OR
mortbayjettyMatch6.1.16
OR
mortbayjettyMatch6.1.19
OR
mortbayjettyMatch6.1.20
OR
mortbayjettyMatch6.1.21

Related

prion 1
veracode 1
cvelist 1
openvas 2
nessus 1
nvd 1
ubuntucve 1
ibm 2
prion
prion
Cross site scripting
2010-01-13 20:30:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-07-08 10:31:45
cvelist
cvelist
CVE-2009-4612
2022-10-03 16:24:05
openvas
openvas
Mort Bay Jetty 6.x <= 6.1.21 Multiple XSS Vulnerabilities - Active Check
2010-02-02 00:00:00
Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check
2010-02-02 00:00:00
nessus
nessus
Mort Bay Jetty Multiple XSS
2010-01-26 00:00:00
nvd
nvd
CVE-2009-4612
2010-01-13 20:30:00
ubuntucve
ubuntucve
CVE-2009-4612
2010-01-13 00:00:00
ibm
ibm
Security Bulletin: Jetty vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2011-4461, CVS-2009-4612, CVE-2009-4611, CVE-2009-4610, CVS-2009-4609, CVE-2009-1524, CVE-2009-1523)
2020-02-11 18:29:33
Security Bulletin: Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.
2022-09-19 20:54:31

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.9%

JSON
Related for CVE-2009-4612
prion1veracode1cvelist1openvas2nessus1nvd1ubuntucve1ibm2