Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities
Giuseppe Iuculano
iuculano at debian.org
Mon Mar 29 09:21:24 UTC 2010
Package: jetty
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-4612[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP
| Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote
| attackers to inject arbitrary web script or HTML via the PATH_INFO to
| the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3)
| jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4612
http://security-tracker.debian.org/tracker/CVE-2009-4612
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuwcRIACgkQNxpp46476aqFQACfZT/VLAtvNsFzBdrp3PfkyT+7
wO0An1n6VphW/zuRRLhhZhwstA40+k28
=ExF3
-----END PGP SIGNATURE-----
More information about the pkg-java-maintainers
mailing list