thr3ads.net - Secure testing team - [Secure-testing-team] Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities [Mar 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Mar-29 09:25 UTC

[Secure-testing-team] Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities

Package: jetty
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.

CVE-2009-4610[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty
| 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or
| HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature,
| or the (2) Name or (3) Value parameter to the default URI for the
| Session Dump Servlet under session/.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4610
    http://security-tracker.debian.org/tracker/CVE-2009-4610


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuwcgcACgkQNxpp46476aooGACfRAQ+Lv/EALknfgtlij4HEInk
TBYAnRyPlkiNxHrTyjdAmy/ln8y9frY9
=Yfen
-----END PGP SIGNATURE-----

Secure testing team - Mar 2010 - Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities

[Secure-testing-team] Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities