CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jun 2006 — jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. • http://securitytracker.com/id?1016168

CVSS: 7.5 • EPSS: 1% • CPEs: 1 • EXPL: 2

02 Jun 2006 — Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. • https://www.exploit-db.com/exploits/18571 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.1 • EPSS: 15% • CPEs: 240 • EXPL: 1

22 Nov 2005 — Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758. • https://www.exploit-db.com/exploits/18571 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 3

18 Mar 2003 — Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). • https://www.exploit-db.com/exploits/21875