CVE-2007-5614
HIGH7.3EPSS 3.5%Improper Authentication in Mortbay Jetty
Published: 5/1/2022Modified: 11/8/2023
Description
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
Affected packages (1)
- Maven/org.mortbay.jetty:jettyfrom 0, < 6.1.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-5614
- PATCHhttps://github.com/eclipse/jetty.project
- WEBhttps://www.eclipse.org/jetty/about.php
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
- WEBhttp://www.kb.cert.org/vuls/id/438616