CVE-2007-6672

Sažetak

Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.

Reference

http://jira.codehaus.org/browse/JETTY/fixforversion/13950
http://jira.codehaus.org/browse/JETTY-386#action_117699
http://osvdb.org/39855
http://secunia.com/advisories/28322
http://secunia.com/advisories/28547
http://www.igniterealtime.org/community/message/163752
http://www.kb.cert.org/vuls/id/553235
http://www.securityfocus.com/bid/27117
http://www.vupen.com/english/advisories/2008/0079

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

30-10-2012 - 03:04

Objavljeno

08-01-2008 - 11:46