CVE-2007-5614 Information

Description

Mortbay Jetty before 6.1.6rc1 does not properly handle \certain quote sequences\ in HTML cookie parameters which allows remote attackers to hijack browser sessions via unspecified vectors.

Reference

http://osvdb.org/42496 http://secunia.com/advisories/27925 http://secunia.com/advisories/30941 http://secunia.com/advisories/35143 http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt http://www.kb.cert.org/vuls/id/438616 http://www.securityfocus.com/bid/26695 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html