Page 4 of 46 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. Una vulnerabilidad de tipo XSS de JSP Dump y Session Dump Servlet en jetty versiones anteriores a la versión 6.1.22. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5046 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Dump Servlet information leak in jetty before 6.1.22. Un volcado de información del servlet en jetty versiones anteriores a la versión 6.1.22. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5045 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

WebApp JSP Snoop page XSS in jetty though 6.1.21. Una vulnerabilidad de tipo XSS de la página WebSpp JSP Snoop en jetty versiones hasta 6.1.21. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5049 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. Una vulnerabilidad de tipo XSS almacenado en Cookie Dump Servlet en jetty versiones hasta 6.1.20. • http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt https://security-tracker.debian.org/tracker/CVE-2009-5048 https://www.openwall.com/lists/oss-security/2011/01/14/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 1%CPEs: 55EXPL: 0

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories. En Eclipse Jetty versión 9.2.27, versión 9.3.26 y versión 9.4.16 , el servidor que es ejecutado en Windows es vulnerable a la exposición del nombre del directorio Base Resource totalmente calificado en Windows a un cliente remoto cuando está configurado para mostrar un contenido de listado de directorios (Listing of directory). Esta información revelada está restringida solo al contenido en los directorios de recursos base configurados • https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576 https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E https://security.netapp.com/advisory/ntap-20190509-0003 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-213: Exposure of Sensitive Information Due to Incompatible Policies •