GHSA-mq4x-8whh-jx73
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mq4x-8whh-jx73
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mq4x-8whh-jx73/GHSA-mq4x-8whh-jx73.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mq4x-8whh-jx73
- Aliases
-
- CVE-2006-2759
- Published
- 2022-05-01T07:02:10Z
- Modified
- 2023-11-08T03:56:46.786542Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Improper Input Validation in Mortbay Jetty
- Details
-
jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
- Database specific
{ "nvd_published_at": "2006-06-02T01:02:00Z", "github_reviewed_at": "2022-06-08T22:32:53Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }- References
Affected packages
Maven / org.mortbay.jetty:jetty
Package
- Name
- org.mortbay.jetty:jetty
- View open source insights on deps.dev
- Purl
- pkg:maven/org.mortbay.jetty/jetty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.0
Affected versions
4.*
4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12
6.*
6.0.0Beta1
6.0.0beta1
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4