Vendor: Jetty Web Server and Servlet Container
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Improper Request Sanitization
CWE: 20
Product Name: Jetty Web Server and Servlet Container
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Unix, and Microsoft Windows
2002

Jetty Improper Request Sanitization Vulnerability

Jetty does not properly sanitize requests. If a user follows a malicious link, script or HTML code can execute in the security context of the site hosted by the Jetty server. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information.

Mitigation:

Ensure that all user-supplied input is properly sanitized before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5821/info

Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms.

It has been reported that Jetty does not properly sanitize requests. This could result in a user clicking a malicious link that would execute script or HTML code in the security context of the site hosted by the Jetty server. An attacker could exploit this vulnerability to gain authentication cookies, or other sensitive information.

http://www.example.com/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp
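
An added example, not part of the advisory or of Jetty's code: a log check that flags request paths of the form shown above after percent-decoding, alongside an error-page helper that HTML-encodes the path before echoing it. The sample request lines, the function names, and the assumption that the requested path is reflected into an HTML response are constructed for illustration.

```python
import html
import re
from urllib.parse import unquote

# Constructed request lines for illustration (not taken from real logs).
SAMPLE_REQUESTS = [
    'GET /index.jsp HTTP/1.0',
    'GET /%0a%0a<script>alert("x")</script>.jsp HTTP/1.0',
    'GET /docs/%253Cb%253Ehi.jsp HTTP/1.0',   # double-encoded "<b>"
    'GET /search.jsp?q=a%20b HTTP/1.0',
]

REQUEST_LINE = re.compile(r'^(\S+) (.+) (HTTP/\d\.\d)$')
CONTROL = re.compile(r'[\x00-\x1f\x7f]')   # CR, LF and other control bytes
MARKUP = re.compile(r'[<>"\']')            # characters that can open HTML

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_path(request_line):
    """Return the reasons a request path looks like markup meant for reflection."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return ["unparseable request line"]
    path = decode_fully(m.group(2).split("?", 1)[0])  # path only, no query
    reasons = []
    if CONTROL.search(path):
        reasons.append("control character in path")
    if MARKUP.search(path):
        reasons.append("HTML metacharacter in path")
    return reasons

def render_not_found(raw_path):
    """Hypothetical error page: encode the decoded path before echoing it."""
    shown = html.escape(unquote(raw_path), quote=True)
    return "<h1>404</h1><p>Not found: %s</p>" % shown

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line, "->", suspicious_path(line) or "ok")
    print(render_not_found('/%0a%0a<script>alert("x")</script>.jsp'))
```

Encoding at output time is the actual fix; the log check only helps find requests of this shape after the fact.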