Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mortbay | Jetty | 6.0.0 |
Related Weaknesses (CWE)
References
- http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txtExploit
- http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txtExploit
FAQ
What is CVE-2009-4610?
CVE-2009-4610 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Du...
How severe is CVE-2009-4610?
CVE-2009-4610 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4610?
Check the references section above for vendor advisories and patch information. Affected products include: Mortbay Jetty.