Jetty is vulnerable to directory traversal. A remote attacker is able to retrieve contents of JSP pages via URL-encoded backslash character %5C
.
secunia.com/advisories/17659
secunia.com/advisories/22669
sourceforge.net/project/shownotes.php?release_id=372086&group_id=7322
www.securityfocus.com/archive/1/450315/100/0/threaded
www.securityfocus.com/bid/15515
www.vupen.com/english/advisories/2005/2515
www.securityfocus.com/archive/1/450315/100/0/threaded