FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jetty -- multiple vulnerability

Affected packages
jetty < 6.1.7

Details

VuXML ID 0832ee18-cf77-11dc-8c6a-00304881ac9a
Discovery 2007-12-22
Entry 2008-02-04

Greg Wilkins reports:

jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI.

[source]

References

Bugtraq ID 27117
CVE Name CVE-2007-6672
URL http://jira.codehaus.org/browse/JETTY-386#action_117699

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.