GHSA-fvh3-4v5r-cvvc

Source

https://github.com/advisories/GHSA-fvh3-4v5r-cvvc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fvh3-4v5r-cvvc/GHSA-fvh3-4v5r-cvvc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-fvh3-4v5r-cvvc

Aliases

CVE-2007-5614

Published

2022-05-01T18:35:01Z

Modified

2023-11-08T03:56:48.986632Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

Improper Authentication in Mortbay Jetty

Details

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Database specific

{
    "nvd_published_at": "2007-12-05T11:46:00Z",
    "github_reviewed_at": "2022-06-08T22:32:50Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-287"
    ]
}

References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name: org.mortbay.jetty:jetty; View open source insights on deps.dev
Purl: pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.6

Affected versions

4.*

4.1-rc1

4.1-rc6

4.2.2

4.2.3

4.2.9

4.2.10

4.2.12

6.*

6.0.0Beta1

6.0.0beta1

6.0.0beta2

6.0.0beta3

6.0.0beta4

6.0.0beta5

6.0.0beta6

6.0.0beta7

6.0.0beta8

6.0.0beta9

6.0.0beta10

6.0.0beta11

6.0.0beta12

6.0.0beta14

6.0.0beta15

6.0.0beta16

6.0.0beta17

6.0.0rc0

6.0.0rc1

6.0.0rc2

6.0.0rc3

6.0.0rc4

6.0.0

6.0.1

6.0.2

6.1.0rc0

6.1.0rc1

6.1.0rc2

6.1.0rc3

6.1.0

6.1H.4-beta

6.1H.4rc1

6.1H.5-beta

6.1H.6

6.1H.7

6.1H.8

6.1H.10

6.1H.14

6.1H.14.1

6.1H.22

6.1.0pre0

6.1.0pre1

6.1.0pre2

6.1.0pre3

6.1.1rc0

6.1.1rc1

6.1.1

6.1.2rc0

6.1.2rc1

6.1.2rc2

6.1.2rc4

6.1.2rc5

6.1.2

6.1.2pre0

6.1.2pre1

6.1.3

6.1.4rc0

6.1.4rc1

6.1.4

6.1.5rc0

6.1.5

6.1.6rc0

6.1.6rc1