National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mortbay_jetty:jetty:6.1
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2007-5613

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

Published: December 05, 2007; 06:46:00 AM -05:00
V2: 4.3 MEDIUM
CVE-2007-5614

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Published: December 05, 2007; 06:46:00 AM -05:00
V2: 7.5 HIGH
CVE-2007-5615

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Published: December 05, 2007; 06:46:00 AM -05:00
V2: 5.0 MEDIUM