CVE-2009-1523 Information
Share on:Description
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14 6.x before 6.1.17 and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Reference
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388 http://jira.codehaus.org/browse/JETTY-1004 http://secunia.com/advisories/34975 http://secunia.com/advisories/35143 http://secunia.com/advisories/35225 http://secunia.com/advisories/35776 http://secunia.com/advisories/40553 http://www.kb.cert.org/vuls/id/402580 http://www.kb.cert.org/vuls/id/CRDY-7RKQCY http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html http://www.securityfocus.com/bid/34800 http://www.securityfocus.com/bid/35675 http://www.securitytracker.com/id?1022563 http://www.vupen.com/english/advisories/2009/1900 http://www.vupen.com/english/advisories/2010/1792 https://bugzilla.redhat.com/show_bug.cgi?id=499867 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html