CVE-2006-2758

描述

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `../`) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

受影響套件(1)

• Maven/org.mortbay.jetty:jettyfrom 0, <= 6.0.beta16

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2006-2758
• PATCHhttps://github.com/jetty-project/codehaus-jetty6
• WEBhttps://web.archive.org/web/20200302050157/http://securitytracker.com/id?1016168