CVE-2009-5049
https://notcve.org/view.php?id=CVE-2009-5049
WebApp JSP Snoop page XSS in jetty though 6.1.21. Una vulnerabilidad de tipo XSS de la página WebSpp JSP Snoop en jetty versiones hasta 6.1.21. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5049 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-5048
https://notcve.org/view.php?id=CVE-2009-5048
Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. Una vulnerabilidad de tipo XSS almacenado en Cookie Dump Servlet en jetty versiones hasta 6.1.20. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5048 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4461 – jetty: hash table collisions CPU usage DoS (oCERT-2011-003)
https://notcve.org/view.php?id=CVE-2011-4461
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Jetty v8.1.0.RC2 y anteriores calcula los valores hash de los parámetros de forma, sin restringir la capacidad de desencadenar colisiones hash predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de gran cantidad de parámetros a mano. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://marc.info/?l=bugtraq&m=143387688830075&w=2 http://secunia.com/advisories/47408 http://secunia.com/advisories/48981 http://www.kb.cert.org/vuls/id/903934 http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http • CWE-310: Cryptographic Issues •
CVE-2009-4610 – jetty 6.x < 7.x - Cross-Site Scripting / Information Disclosure / Injection
https://notcve.org/view.php?id=CVE-2009-4610
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Mort Bay Jetty v6.x y v7.0.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) una petición de cadena a jsp/dump.jsp en la característica JSP Dump o el (2) Name o (3) el parámetro Value a la URI por defecto para el Session Dump Servlet bajo session/. • https://www.exploit-db.com/exploits/9887 http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4612 – Jetty 6.1.x - JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4612
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en WebApp JSP Snoop page en Mort Bay Jetty v6.1.x a la v6.1.21, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de PATH_INFO a la URI por defecto bajo (1) jspsnoop/, (2) jspsnoop/ERROR/, y (3) jspsnoop/IOException/, y posiblemente a (4) snoop.jsp. • https://www.exploit-db.com/exploits/33564 http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •