GHSA-9986-w5h5-vw59
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9986-w5h5-vw59
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9986-w5h5-vw59/GHSA-9986-w5h5-vw59.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9986-w5h5-vw59
- Aliases
-
- CVE-2009-1523
- Published
- 2022-05-02T03:26:04Z
- Modified
- 2024-02-16T08:15:58.735824Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Directory traversal in Mort Bay Jetty
- Details
-
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
- Database specific
{ "nvd_published_at": "2009-05-05T17:30:00Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-03T17:32:50Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-1523
- https://bugzilla.redhat.com/show_bug.cgi?id=499867
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
- https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- http://jira.codehaus.org/browse/JETTY-1004
- http://www.kb.cert.org/vuls/id/402580
- http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.securityfocus.com/bid/34800
- http://www.securityfocus.com/bid/35675
- http://www.securitytracker.com/id?1022563
- http://www.vupen.com/english/advisories/2009/1900
- http://www.vupen.com/english/advisories/2010/1792
Affected packages
Maven / org.mortbay.jetty:jetty
Package
- Name
- org.mortbay.jetty:jetty
- View open source insights on deps.dev
- Purl
- pkg:maven/org.mortbay.jetty/jetty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.17
Affected versions
4.*
4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12
6.*
6.0.0Beta1
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4
6.0.0
6.0.1
6.0.2
6.1.0rc0
6.1.0rc1
6.1.0rc2
6.1.0rc3
6.1.0
6.1H.4-beta
6.1H.4rc1
6.1H.5-beta
6.1H.6
6.1H.7
6.1H.8
6.1H.10
6.1H.14
6.1H.14.1
6.1H.22
6.1.0pre0
6.1.0pre1
6.1.0pre2
6.1.0pre3
6.1.1rc0
6.1.1rc1
6.1.1
6.1.2rc0
6.1.2rc1
6.1.2rc2
6.1.2rc4
6.1.2rc5
6.1.2
6.1.2pre0
6.1.2pre1
6.1.3
6.1.4rc0
6.1.4rc1
6.1.4
6.1.5rc0
6.1.5
6.1.6rc0
6.1.6rc1
6.1.6
6.1.7
6.1.8
6.1.9
6.1.10
6.1.11
6.1.12.rc2
6.1.12.rc3
6.1.12.rc4
6.1.12.rc5
6.1.12rc1
6.1.12
6.1.14
6.1.15.rc2
6.1.15.rc3
6.1.15.rc4
6.1.15.rc5
6.1.15
6.1.15.pre0
6.1.16
Maven / org.mortbay.jetty:jetty
Package
- Name
- org.mortbay.jetty:jetty
- View open source insights on deps.dev
- Purl
- pkg:maven/org.mortbay.jetty/jetty