The Mortbay Jetty Dump Servlet contains a cross-site scripting vulnerability.
Mortbay Jetty is a web server that is written in Java. The Dump Servlet that is included with Jetty is vulnerable to cross-site scripting. Note that according to the vendor, the Dump Servlet is for testing purposes and is not intended to be included in a live web site.
A remote, unauthenticated attacker may be able to perform a cross-site scripting attack against a Jetty web server. More information about cross-site scripting can be found in CERT Advisory CA-2000-02.
Apply an update
Thanks to Tomasz Kuczynski for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2007-12-04|
|Date Last Updated:||2007-12-04 04:04 UTC|