CVE Vulnerability

CVE-2007-6672

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://jira.codehaus.org/browse/JETTY-386#action_117699
http://jira.codehaus.org/browse/JETTY/fixforversion/13950
http://www.kb.cert.org/vuls/id/553235 US Government Resource
http://www.securityfocus.com/bid/27117
http://secunia.com/advisories/28322 Vendor Advisory
http://www.igniterealtime.org/community/message/163752
http://secunia.com/advisories/28547
http://www.vupen.com/english/advisories/2008/0079
http://osvdb.org/39855
Configurations

Configuration 1

cpe:2.3:a:mortbay_jetty:jetty:6.1.6:*:*:*:*:*:*:*
cpe:2.3:a:mortbay_jetty:jetty:6.1.5:*:*:*:*:*:*:*
Information

Published : 2008-01-08 11:46

Updated : 2012-10-30 03:04

NVD link : CVE-2007-6672

Mitre link : CVE-2007-6672

Products Affected
No products.
CWE
CWE-22