Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple /
(slash) characters in the URI.
CPE | Name | Operator | Version |
---|---|---|---|
org.mortbay.jetty:jetty | eq | 6.1.6rc0 | |
org.mortbay.jetty:jetty | eq | 6.1.5 | |
org.mortbay.jetty:jetty | eq | 6.1.6 | |
org.mortbay.jetty:jetty | eq | 6.1.6rc1 |
nvd.nist.gov/vuln/detail/CVE-2007-6672
web.archive.org/web/20080113051254/www.kb.cert.org/vuls/id/553235
web.archive.org/web/20080120225723/jira.codehaus.org/browse/JETTY-386
web.archive.org/web/20080120225728/jira.codehaus.org/browse/JETTY/fixforversion/13950
web.archive.org/web/20080517012615/www.securityfocus.com/bid/27117