ID CVE-2007-5614
Summary Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:mortbay_jetty:jetty:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:5:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:5:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:6:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:6:*:*:*:*:*:*:*
  • cpe:2.3:a:mortbay_jetty:jetty:6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mortbay_jetty:jetty:6.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-06-2009 - 05:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 26695
cert-vn VU#438616
confirm http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
fedora
  • FEDORA-2008-6141
  • FEDORA-2008-6164
osvdb 42496
secunia
  • 27925
  • 30941
  • 35143
Last major update 10-06-2009 - 05:09
Published 05-12-2007 - 11:46
Last modified 10-06-2009 - 05:09
Back to Top