thr3ads.net - Secure testing team - [Secure-testing-team] Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities [Mar 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Mar-29 09:21 UTC

[Secure-testing-team] Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities

Package: jetty
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.

CVE-2009-4612[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP
| Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote
| attackers to inject arbitrary web script or HTML via the PATH_INFO to
| the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3)
| jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4612
    http://security-tracker.debian.org/tracker/CVE-2009-4612


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuwcRIACgkQNxpp46476aqFQACfZT/VLAtvNsFzBdrp3PfkyT+7
wO0An1n6VphW/zuRRLhhZhwstA40+k28
=ExF3
-----END PGP SIGNATURE-----

Secure testing team - Mar 2010 - Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities

[Secure-testing-team] Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities