CVE-2006-2758

EPSS 1.6%

Jetty Directory Traversal Vulnerability

Published: 5/1/2022Modified: 11/28/2024

Description

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `../`) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

Affected packages (1)

Maven/org.mortbay.jetty:jettyfrom 0, <= 6.0.beta16

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2006-2758
PATCHhttps://github.com/jetty-project/codehaus-jetty6
WEBhttps://web.archive.org/web/20200302050157/http://securitytracker.com/id?1016168