← Back

Jetty

jetty

Vendor: Mortbay Jetty • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-6672
1Mortbay Jetty
1Jetty
Apr 23, 2026
Jan 8, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
CVE-2007-5615
1Mortbay Jetty
1Jetty
Apr 23, 2026
Dec 5, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2007-5614
1Mortbay Jetty
1Jetty
Apr 23, 2026
Dec 5, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
CVE-2007-5613
1Mortbay Jetty
1Jetty
Apr 23, 2026
Dec 5, 2007
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.