CVE-2009-1523
MEDIUM5.3EPSS 12.2%Directory traversal in Mort Bay Jetty
發布日:2022/5/2修改日:2024/2/16
描述
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
受影響套件(1)
- Maven/org.mortbay.jetty:jettyfrom 0, < 6.1.17
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
參考連結(15)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2009-1523
- WEBhttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- WEBhttp://jira.codehaus.org/browse/JETTY-1004
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=499867
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
- WEBhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
- WEBhttp://www.kb.cert.org/vuls/id/402580
- WEBhttp://www.kb.cert.org/vuls/id/CRDY-7RKQCY
- WEBhttp://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- WEBhttp://www.securityfocus.com/bid/34800
- WEBhttp://www.securityfocus.com/bid/35675
- WEBhttp://www.securitytracker.com/id?1022563
- WEBhttp://www.vupen.com/english/advisories/2009/1900
- WEBhttp://www.vupen.com/english/advisories/2010/1792