Описание
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
A flaw was found in Jetty. This issue could allow a remote attacker to send a specially-crafted URL request containing hexadecimal URL encoded "dot-dot" sequences (%2e%2e%5c) to traverse directories and view files and folders outside of the web root directory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | jetty | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allow ...
EPSS
5.3 Medium
CVSS3