Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2009-4611

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.2%
CVSS Severity
CVSS v2 Score 7.5
Products affected by CVE-2009-4611
  • Mortbay » Jetty » Version: 6.0.0
    cpe:2.3:a:mortbay:jetty:6.0.0
  • Mortbay » Jetty » Version: 6.0.1
    cpe:2.3:a:mortbay:jetty:6.0.1
  • Mortbay » Jetty » Version: 6.0.2
    cpe:2.3:a:mortbay:jetty:6.0.2
  • Mortbay » Jetty » Version: 6.1.0
    cpe:2.3:a:mortbay:jetty:6.1.0
  • Mortbay » Jetty » Version: 6.1.1
    cpe:2.3:a:mortbay:jetty:6.1.1
  • Mortbay » Jetty » Version: 6.1.10
    cpe:2.3:a:mortbay:jetty:6.1.10
  • Mortbay » Jetty » Version: 6.1.11
    cpe:2.3:a:mortbay:jetty:6.1.11
  • Mortbay » Jetty » Version: 6.1.12
    cpe:2.3:a:mortbay:jetty:6.1.12
  • Mortbay » Jetty » Version: 6.1.14
    cpe:2.3:a:mortbay:jetty:6.1.14
  • Mortbay » Jetty » Version: 6.1.15
    cpe:2.3:a:mortbay:jetty:6.1.15
  • Mortbay » Jetty » Version: 6.1.16
    cpe:2.3:a:mortbay:jetty:6.1.16
  • Mortbay » Jetty » Version: 6.1.19
    cpe:2.3:a:mortbay:jetty:6.1.19
  • Mortbay » Jetty » Version: 6.1.2
    cpe:2.3:a:mortbay:jetty:6.1.2
  • Mortbay » Jetty » Version: 6.1.20
    cpe:2.3:a:mortbay:jetty:6.1.20
  • Mortbay » Jetty » Version: 6.1.3
    cpe:2.3:a:mortbay:jetty:6.1.3
  • Mortbay » Jetty » Version: 6.1.4
    cpe:2.3:a:mortbay:jetty:6.1.4
  • Mortbay » Jetty » Version: 6.1.5
    cpe:2.3:a:mortbay:jetty:6.1.5
  • Mortbay » Jetty » Version: 6.1.6
    cpe:2.3:a:mortbay:jetty:6.1.6
  • Mortbay » Jetty » Version: 6.1.7
    cpe:2.3:a:mortbay:jetty:6.1.7
  • Mortbay » Jetty » Version: 6.1.8
    cpe:2.3:a:mortbay:jetty:6.1.8
  • Mortbay » Jetty » Version: 6.1.9
    cpe:2.3:a:mortbay:jetty:6.1.9
  • Mortbay » Jetty » Version: 7.0.0
    cpe:2.3:a:mortbay:jetty:7.0.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved