Bug#454529: two more CVEs
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Dec 5 22:45:41 UTC 2007
Hi

There have been two more CVEs[0][1] for jetty:

CVE-2007-5613:
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty
before 6.1.6rc1 allows remote attackers to inject arbitrary web script or
HTML via unspecified parameters and cookies.

CVE-2007-5614:
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote
sequences" in HTML cookie parameters, which allows remote attackers to hijack
browser sessions via unspecified vectors.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5613
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5614
More information about the pkg-java-maintainers
mailing list