Vulnerability Note VU#553235
Jetty fails to properly process URLs that contain double / characters
The Jetty web server contains a vulnerability that may allow an attacker to access private files or directories.
Jetty is a web server that is implemented in Java. Jetty contains a vulnerability in the way it processes URLs with multiple "/" (slash) characters. See the Jetty Double slash problem bug report for more information.
A remote unauthenticated attacker may be able to view hidden or private files and directories.
Jetty version 6.1.7 has been released to address this issue.
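The class of problem described above, as an added Java illustration that is not Jetty's code and not part of the original note. It assumes an access check that matches protected path prefixes (the note does not describe Jetty's internals); the PROTECTED list and the sample paths are constructed.

```java
import java.util.List;

// Added illustration only: not Jetty source code.
public class DoubleSlashCheck {
    // Hypothetical protected prefixes, constructed for this example.
    static final List<String> PROTECTED = List.of("/WEB-INF/", "/private/");

    // Naive check: compares the raw request path against the protected
    // prefixes, so a path containing "//" may not match any of them.
    static boolean naiveIsProtected(String rawPath) {
        for (String prefix : PROTECTED) {
            if (rawPath.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    // Collapse every run of '/' into a single '/'. This must run on the
    // percent-decoded path and before any access decision is made.
    static String collapseSlashes(String path) {
        StringBuilder out = new StringBuilder(path.length());
        char prev = 0;
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c == '/' && prev == '/') {
                continue; // drop the duplicate slash
            }
            out.append(c);
            prev = c;
        }
        return out.toString();
    }

    // Hardened check: canonicalize first, then apply the same prefix test.
    static boolean hardenedIsProtected(String rawPath) {
        return naiveIsProtected(collapseSlashes(rawPath));
    }

    public static void main(String[] args) {
        // Constructed sample request paths.
        String[] samples = { "/private/report.txt", "//private/report.txt", "/public/index.html" };
        for (String s : samples) {
            System.out.printf("%-24s naive=%-5b hardened=%b%n", s, naiveIsProtected(s), hardenedIsProtected(s));
        }
    }
}
```

The path that is actually served should be the same canonical form that was checked, so the access decision and the file lookup cannot disagree.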
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Mort Bay | Affected | - | 03 Jan 2008 |
Thanks to Greg Wilkins for reporting this vulnerability and for providing information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-6672
- Date Public: 28 Dec 2007
- Date First Published: 03 Jan 2008
- Date Last Updated: 23 Jan 2008
- Severity Metric: 2.64
- Document Revision: 19