GHSA-mq4x-8whh-jx73

Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mq4x-8whh-jx73/GHSA-mq4x-8whh-jx73.json
Aliases: CVE-2006-2759
Published: 2022-05-01T07:02:10Z
Modified: 2022-08-15T08:57:07.669054Z
Details

Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed-case manipulations.

Affected packages

Maven / org.mortbay.jetty:jetty

Affected ranges

Type: ECOSYSTEM
Events:
  • Introduced: 0
  • Fixed: 6.0.0

Affected versions

4.*

4.1-rc1
4.1-rc6
4.2.10
4.2.12
4.2.2
4.2.3
4.2.9

6.*

6.0.0Beta1
6.0.0beta1
6.0.0beta10
6.0.0beta11
6.0.0beta12
6.0.0beta14
6.0.0beta15
6.0.0beta16
6.0.0beta17
6.0.0beta2
6.0.0beta3
6.0.0beta4
6.0.0beta5
6.0.0beta6
6.0.0beta7
6.0.0beta8
6.0.0beta9
6.0.0rc0
6.0.0rc1
6.0.0rc2
6.0.0rc3
6.0.0rc4

test-6.*

test-6.0.0
test-6.0.0rc3
test-6.0.0rc4
test-6.0.1