Web Servers : Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800286

Categoría: Web Servers

Título: Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check

Resumen: Mort Bay Jetty is prone to multiple vulnerabilities.

Descripción: Summary:
Mort Bay Jetty is prone to multiple vulnerabilities.

Vulnerability Insight:
Inputs passed to the query string to 'jsp/dump.jsp' and to Name
or Value parameter in 'Session Dump Servlet' is not properly sanitised before being returned to
the user.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute
arbitrary HTML and script code in a user's browser session and execute arbitrary commands or
overwrite files in the context of an affected site.

Affected Software/OS:
Mort Bay Jetty versions 6.0.0 through 7.0.0.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
options are to upgrade to a newer release, disable respective features, remove the product or
replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4609
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Common Vulnerability Exposure (CVE) ID: CVE-2009-4610
Common Vulnerability Exposure (CVE) ID: CVE-2009-4611
Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search)
http://www.securityfocus.com/archive/1/508830/100/0/threaded
http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4611
https://security-tracker.debian.org/tracker/CVE-2009-4611
Common Vulnerability Exposure (CVE) ID: CVE-2009-4612

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800286
Categoría:	Web Servers
Título:	Mort Bay Jetty 6.0.0 - 7.0.0 Multiple Vulnerabilities - Active Check
Resumen:	Mort Bay Jetty is prone to multiple vulnerabilities.
Descripción:	Summary: Mort Bay Jetty is prone to multiple vulnerabilities. Vulnerability Insight: Inputs passed to the query string to 'jsp/dump.jsp' and to Name or Value parameter in 'Session Dump Servlet' is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session and execute arbitrary commands or overwrite files in the context of an affected site. Affected Software/OS: Mort Bay Jetty versions 6.0.0 through 7.0.0. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4609 http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt Common Vulnerability Exposure (CVE) ID: CVE-2009-4610 Common Vulnerability Exposure (CVE) ID: CVE-2009-4611 Bugtraq: 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection (Google Search) http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.ush.it/team/ush/hack_httpd_escape/adv.txt https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4611 https://security-tracker.debian.org/tracker/CVE-2009-4611 Common Vulnerability Exposure (CVE) ID: CVE-2009-4612
Copyright	Copyright (C) 2010 Greenbone AG