CVE-2002-1533

EPSS 5.2%

Jetty Javascript Inclusion Vulnerability

Published: 4/30/2022Modified: 11/28/2024

Description

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (`%0a`).

Affected packages (1)

Maven/org.mortbay.jetty:jettyfrom 0, < 4.1.1

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2002-1533
WEBhttps://web.archive.org/web/20040705203137/http://xforce.iss.net/xforce/xfdb/10219
WEBhttps://web.archive.org/web/20041213153950/http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html
WEBhttps://web.archive.org/web/20061020173202/http://www.securityfocus.com/bid/5821