GHSA-4jjw-xrr6-9v3p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4jjw-xrr6-9v3p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4jjw-xrr6-9v3p/GHSA-4jjw-xrr6-9v3p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4jjw-xrr6-9v3p
- Aliases
-
- CVE-2007-6672
- Published
- 2022-05-01T18:45:22Z
- Modified
- 2024-12-06T05:26:52.443882Z
- Summary
- Mortbay Jetty Double Slash URI Information Disclosure Vulnerability
- Details
-
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple
/(slash) characters in the URI. - Database specific
{ "nvd_published_at": "2008-01-08T11:46:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-22T23:30:03Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-6672
- https://web.archive.org/web/20080113051254/http://www.kb.cert.org/vuls/id/553235
- https://web.archive.org/web/20080120225723/http://jira.codehaus.org/browse/JETTY-386
- https://web.archive.org/web/20080120225728/http://jira.codehaus.org/browse/JETTY/fixforversion/13950
- https://web.archive.org/web/20080517012615/http://www.securityfocus.com/bid/27117
Affected packages
Maven / org.mortbay.jetty:jetty
Package
- Name
- org.mortbay.jetty:jetty
- View open source insights on deps.dev
- Purl
- pkg:maven/org.mortbay.jetty/jetty