Lucene search
GoogleOSV:GHSA-4JJW-XRR6-9V3PHistoryMay 01, 2022 - 6:45 p.m.
Mortbay Jetty Double Slash URI Information Disclosure Vulnerability
2022-05-0118:45:22
Google
osv.dev
13
0.007 Low
EPSS
Percentile
79.9%
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple / (slash) characters in the URI.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.mortbay.jetty:jetty | eq | 6.1.6rc0 | |
| org.mortbay.jetty:jetty | eq | 6.1.5 | |
| org.mortbay.jetty:jetty | eq | 6.1.6 | |
| org.mortbay.jetty:jetty | eq | 6.1.6rc1 |
References
nvd.nist.gov/vuln/detail/CVE-2007-6672
web.archive.org/web/20080113051254/www.kb.cert.org/vuls/id/553235
web.archive.org/web/20080120225723/jira.codehaus.org/browse/JETTY-386
web.archive.org/web/20080120225728/jira.codehaus.org/browse/JETTY/fixforversion/13950
web.archive.org/web/20080517012615/www.securityfocus.com/bid/27117
Related
veracode
veracode
Directory Traversal
2019-03-25 08:40:44
redhatcve
redhatcve
CVE-2007-6672
2019-10-04 21:29:56
nvd
nvd
CVE-2007-6672
2008-01-08 11:46:00
freebsd
freebsd
jetty -- multiple vulnerability
2007-12-22 00:00:00
nessus
nessus
Mort Bay Jetty URL Multiple Slash Character Information Disclosure
2008-01-07 00:00:00
openvas
openvas
FreeBSD Ports: jetty
2008-09-04 00:00:00
FreeBSD Ports: jetty
2008-09-04 00:00:00
FreeBSD Ports: jetty
2008-09-04 00:00:00
cert
cert
Jetty fails to properly process URLs that contain double / characters
2008-01-03 00:00:00
cve
cve
CVE-2007-6672
2008-01-08 11:46:00
github
github
Mortbay Jetty Double Slash URI Information Disclosure Vulnerability
2022-05-01 18:45:22
ubuntucve
ubuntucve
CVE-2007-6672
2008-01-08 00:00:00
prion
prion
Authentication flaw
2008-01-08 11:46:00
cvelist
cvelist
CVE-2007-6672
2008-01-08 11:00:00
