FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jetty -- multiple vulnerabilities

Affected packages
jetty < 6.1.6

Details

VuXML ID 6ae7cef2-a6ae-11dc-95e6-000c29c5647f
Discovery 2007-12-05
Entry 2007-12-10

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

References

CERT/CC Vulnerability Note 212984
CERT/CC Vulnerability Note 237888
CERT/CC Vulnerability Note 438616
CVE Name CVE-2007-5613
CVE Name CVE-2007-5614
CVE Name CVE-2007-5615
URL http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt