Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

FreeBSD Ports: jetty

Information

Severity

Severity

High

Family

Family

FreeBSD Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

15 years ago

Modified

Modified

7 years ago

Share

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Insight

Insight

The following package is affected: jetty CVE-2007-5613 Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. CVE-2007-5614 Mortbay Jetty before 6.1.6rc1 does not properly handle 'certain quote sequences' in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. CVE-2007-5615 CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Solution

Solution

Update your system with the appropriate patches or software upgrades. http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt http://www.vuxml.org/freebsd/6ae7cef2-a6ae-11dc-95e6-000c29c5647f.html

Common Vulnerabilities and Exposures (CVE)