Lucene search

GitHub Advisory DatabaseGHSA-QMGJ-5H75-JR67

HistoryMay 01, 2022 - 7:02 a.m.

Jetty Directory Traversal Vulnerability

2022-05-0107:02:10

CWE-22

GitHub Advisory Database

github.com

jetty

directory traversal

remote attackers

arbitrary files

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

Affected configurations

Vulners

Node

org.mortbay.jettyjettyRange≤6.0.beta16

VendorProductVersionCPE
org.mortbay.jettyjetty*cpe:2.3:a:org.mortbay.jetty:jetty:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
org.mortbay.jetty	jetty	*	cpe:2.3:a:org.mortbay.jetty:jetty::::::::

References

github.com/advisories/GHSA-qmgj-5h75-jr67

nvd.nist.gov/vuln/detail/CVE-2006-2758

web.archive.org/web/20200302050157/securitytracker.com/id?1016168

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.6%

JSON

Related for GHSA-QMGJ-5H75-JR67