CVE-2009-1523
MEDIUM5.3EPSS 12.2%Directory traversal in Mort Bay Jetty
Published: 5/2/2022Modified: 2/16/2024
Description
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Affected packages (1)
- Maven/org.mortbay.jetty:jettyfrom 0, < 6.1.17
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (15)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2009-1523
- WEBhttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- WEBhttp://jira.codehaus.org/browse/JETTY-1004
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=499867
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
- WEBhttp://www.kb.cert.org/vuls/id/402580
- WEBhttp://www.kb.cert.org/vuls/id/CRDY-7RKQCY
- WEBhttp://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- WEBhttp://www.securityfocus.com/bid/34800
- WEBhttp://www.securityfocus.com/bid/35675
- WEBhttp://www.securitytracker.com/id?1022563
- WEBhttp://www.vupen.com/english/advisories/2009/1900
- WEBhttp://www.vupen.com/english/advisories/2010/1792