Bug#559765: jetty: CVE-2007-6672 info disclosure

Michael Gilbert michael.s.gilbert at gmail.com
Sun Dec 6 23:47:43 UTC 2009


Package: jetty
Version: 6.1.21-1
Severity: serious
Tags: security

Hi,

The following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.

CVE-2007-6672[0]:
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
| protection mechanisms and read the source of files via multiple '/'
| (slash) characters in the URI.

This may already be fixed.  Some of the messages that are linked from
the mitre page indicated that supposedly this was to be fixed in 6.1.7,
but I was unable to track down patches to verify. Please check.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6672
    http://security-tracker.debian.org/tracker/CVE-2007-6672





More information about the pkg-java-maintainers mailing list