Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers.
Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an attacker to inject certain HTTP headers into server responses.
A remote, unauthenticated attacker may be able to perform a cross-site scripting attack, set cookies, or poison a proxy cache.
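The CRLF handling described above, as an added example that is not Jetty's code and not part of the original advisory: a plain-JDK program that serializes response headers once verbatim and once with a CR/LF check, and counts the header lines a client or proxy would parse. The class and method names (`HeaderCrlfCheck`, `serializeNaive`, `serializeChecked`, `requireNoLineBreaks`, `headerLineCount`) and the sample header value are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class HeaderCrlfCheck {

    // Naive serializer: writes header values verbatim, so a CR or LF inside
    // a value ends the header line early and starts a new one.
    static String serializeNaive(Map<String, String> headers) {
        StringBuilder sb = new StringBuilder("HTTP/1.1 302 Found\r\n");
        for (Map.Entry<String, String> h : headers.entrySet()) {
            sb.append(h.getKey()).append(": ").append(h.getValue()).append("\r\n");
        }
        return sb.append("\r\n").toString();
    }

    // Hardened serializer: refuses any name or value containing CR, LF or NUL.
    static String serializeChecked(Map<String, String> headers) {
        for (Map.Entry<String, String> h : headers.entrySet()) {
            requireNoLineBreaks(h.getKey());
            requireNoLineBreaks(h.getValue());
        }
        return serializeNaive(headers);
    }

    static void requireNoLineBreaks(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\r' || c == '\n' || c == '\0') {
                throw new IllegalArgumentException("control character in header at index " + i);
            }
        }
    }

    // Counts header lines as a client or proxy would see them.
    static int headerLineCount(String response) {
        String head = response.substring(0, response.indexOf("\r\n\r\n"));
        return head.split("\r\n").length - 1; // minus the status line
    }

    public static void main(String[] args) {
        // Constructed sample: one header whose value came from request input
        // and carries an embedded CRLF.
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Location", "/home\r\nSet-Cookie: injected=1");
        System.out.println("headers set by the application: " + headers.size());
        System.out.println("header lines seen downstream:   "
                + headerLineCount(serializeNaive(headers)));
        try {
            serializeChecked(headers);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same check applied to request-derived values before they reach `setHeader`, `addCookie` or a redirect target gives an application defense in depth when the container itself cannot yet be updated.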
Apply an update
Thanks to Tomasz Kuczynski for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:
|Date Last Updated:
|2007-12-04 04:21 UTC