Mortbay Jetty

mortbay_jetty

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-6672 1Mortbay Jetty 1Jetty Apr 23, 2026 Jan 8, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
CVE-2007-5615 1Mortbay Jetty 1Jetty Apr 23, 2026 Dec 5, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2007-5614 1Mortbay Jetty 1Jetty Apr 23, 2026 Dec 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
CVE-2007-5613 1Mortbay Jetty 1Jetty Apr 23, 2026 Dec 5, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.