Vulnerability Description
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mortbay Jetty | Jetty | 1.0 |
References
- http://osvdb.org/42496
- http://secunia.com/advisories/27925
- http://secunia.com/advisories/30941
- http://secunia.com/advisories/35143
- http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
- http://www.kb.cert.org/vuls/id/438616PatchUS Government Resource
- http://www.securityfocus.com/bid/26695
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
- http://osvdb.org/42496
- http://secunia.com/advisories/27925
- http://secunia.com/advisories/30941
- http://secunia.com/advisories/35143
- http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
- http://www.kb.cert.org/vuls/id/438616PatchUS Government Resource
FAQ
What is CVE-2007-5614?
CVE-2007-5614 is a vulnerability with a CVSS score of 7.5 (HIGH). Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
How severe is CVE-2007-5614?
CVE-2007-5614 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5614?
Check the references section above for vendor advisories and patch information. Affected products include: Mortbay Jetty Jetty.