U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): jetty
  • Search Type: Search All
There are 63 matching records.
Displaying matches 61 through 63.
Vuln ID Summary CVSS Severity
CVE-2004-2478

Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2002-1533

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).

Published: March 31, 2003; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2002-1178

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

Published: October 11, 2002; 12:00:00 AM -0400 		V3.x:(not available)
 V2.0: 5.0 MEDIUM