Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities

Giuseppe Iuculano iuculano at debian.org
Mon Mar 29 09:25:29 UTC 2010


Package: jetty
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.

CVE-2009-4610[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty
| 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or
| HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature,
| or the (2) Name or (3) Value parameter to the default URI for the
| Session Dump Servlet under session/.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4610
    http://security-tracker.debian.org/tracker/CVE-2009-4610


More information about the pkg-java-maintainers mailing list