Lucene search

[email protected]NVD:CVE-2009-3579

HistoryOct 07, 2009 - 5:30 p.m.

CVE-2009-3579

2009-10-0717:30:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.

Affected configurations

Nvd

Node

mortbayjettyMatch6.1.19

mortbayjettyMatch6.1.20

VendorProductVersionCPE
mortbayjetty6.1.19cpe:2.3:a:mortbay:jetty:6.1.19:*:*:*:*:*:*:*
mortbayjetty6.1.20cpe:2.3:a:mortbay:jetty:6.1.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mortbay	jetty	6.1.19	cpe:2.3:a:mortbay:jetty:6.1.19:::::::*
mortbay	jetty	6.1.20	cpe:2.3:a:mortbay:jetty:6.1.20:::::::*

References

www.coresecurity.com/content/jetty-persistent-xss

www.securityfocus.com/archive/1/507013/100/0/threaded

www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.002

Percentile

57.6%

JSON

Related for NVD:CVE-2009-3579

nessus1 cvelist1 openvas1 prion1 ubuntucve1 cve1