CVE-2007-6672

EPSS 1.1%

Mortbay Jetty Double Slash URI Information Disclosure Vulnerability

Published: 5/1/2022Modified: 12/6/2024

Description

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple `/` (slash) characters in the URI.

Affected packages (1)

Maven/org.mortbay.jetty:jetty>= 6.1.5, < 6.1.7

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-6672
WEBhttps://web.archive.org/web/20080113051254/http://www.kb.cert.org/vuls/id/553235
WEBhttps://web.archive.org/web/20080120225723/http://jira.codehaus.org/browse/JETTY-386
WEBhttps://web.archive.org/web/20080120225728/http://jira.codehaus.org/browse/JETTY/fixforversion/13950
WEBhttps://web.archive.org/web/20080517012615/http://www.securityfocus.com/bid/27117