SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2009-1523

Date: (C)2009-05-05 (M)2023-12-22

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Reference:

SECTRACK-1022563

FEDORA-2009-5500

FEDORA-2009-5509

FEDORA-2009-5513

http://jira.codehaus.org/browse/JETTY-1004

http://www.kb.cert.org/vuls/id/CRDY-7RKQCY

http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html

https://bugzilla.redhat.com/show_bug.cgi?id=499867

CPE 330

cpe:/a:mortbay:jetty:5.1.3:rc4
cpe:/a:mortbay:jetty:4.2.24:rc0
cpe:/a:mortbay:jetty:4.2.24:rc1
cpe:/a:mortbay:jetty:6.1.4:rc1
...

oval:org.secpod.oval:def:300754
oval:org.secpod.oval:def:101546
oval:org.secpod.oval:def:102346
oval:org.secpod.oval:def:102316
...

© SecPod Technologies