GHSA-cwq3-qp8v-w8q3

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwq3-qp8v-w8q3/GHSA-cwq3-qp8v-w8q3.json

Aliases

CVE-2005-3747

Published

2022-05-01T02:20:38Z

Modified

2023-09-19T00:01:28.373400Z

Details

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758.

References

https://nvd.nist.gov/vuln/detail/CVE-2005-3747
http://sourceforge.net/project/shownotes.php?release_id=372086&group_id=7322
http://www.securityfocus.com/archive/1/450315/100/0/threaded
http://www.securityfocus.com/bid/15515

Affected packages

Maven / org.mortbay.jetty:jetty

Source Details

Package Name: org.mortbay.jetty:jetty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

5.1.6

Affected versions

4.*

4.1-rc1

4.1-rc6

4.2.2

4.2.3

4.2.9

4.2.10

4.2.12

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}