Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
jira.codehaus.org/browse/JETTY-1004
www.kb.cert.org/vuls/id/402580
www.kb.cert.org/vuls/id/CRDY-7RKQCY
www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
www.securityfocus.com/bid/34800
www.securityfocus.com/bid/35675
www.securitytracker.com/id?1022563
www.vupen.com/english/advisories/2009/1900
www.vupen.com/english/advisories/2010/1792
bugzilla.redhat.com/show_bug.cgi?id=499867
nvd.nist.gov/vuln/detail/CVE-2009-1523
www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html