CVE-2007-6672
EPSS 1.1%Mortbay Jetty Double Slash URI Information Disclosure Vulnerability
發布日:2022/5/1修改日:2024/12/6
描述
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple `/` (slash) characters in the URI.
受影響套件(1)
- Maven/org.mortbay.jetty:jetty>= 6.1.5, < 6.1.7
參考連結(5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-6672
- WEBhttps://web.archive.org/web/20080113051254/http://www.kb.cert.org/vuls/id/553235
- WEBhttps://web.archive.org/web/20080120225723/http://jira.codehaus.org/browse/JETTY-386
- WEBhttps://web.archive.org/web/20080120225728/http://jira.codehaus.org/browse/JETTY/fixforversion/13950
- WEBhttps://web.archive.org/web/20080517012615/http://www.securityfocus.com/bid/27117