Vulnerability Description
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mortbay | Jetty | <= 6.1.16 |
Related Weaknesses (CWE)
References
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- http://jira.codehaus.org/browse/JETTY-1004
- http://secunia.com/advisories/34975Vendor Advisory
- http://secunia.com/advisories/35143Vendor Advisory
- http://secunia.com/advisories/35225Vendor Advisory
- http://secunia.com/advisories/35776Vendor Advisory
- http://secunia.com/advisories/40553Vendor Advisory
- http://www.kb.cert.org/vuls/id/402580US Government Resource
- http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
- http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- http://www.securityfocus.com/bid/34800
- http://www.securityfocus.com/bid/35675
- http://www.securitytracker.com/id?1022563
- http://www.vupen.com/english/advisories/2009/1900Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1792Vendor Advisory
FAQ
What is CVE-2009-1523?
CVE-2009-1523 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal seq...
How severe is CVE-2009-1523?
CVE-2009-1523 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1523?
Check the references section above for vendor advisories and patch information. Affected products include: Mortbay Jetty.