Download
| Alert*
|
oval:org.secpod.oval:def:1702020
For Eclipse Jetty versions less than= 9.4.40, less than= 10.0.2, less than= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml ... oval:org.secpod.oval:def:74572 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. oval:org.secpod.oval:def:605591 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. |
