exploitDog

CVE-2006-2759

Published: 01 Jun 2006
Source: redhat
CVSS3: 5.3

Description

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

A flaw was found in Jetty that could allow a remote attacker to obtain sensitive information. If an attacker sends a specially-crafted request for a known ".jsp" file using an uppercase letter P in the file extension (.jsP), the requested file's source code will be returned if the file system being used is case-sensitive.
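
A defender-side check for the behaviour described above, added here as an example and not taken from the advisory or from Jetty: it scans access-log lines for requests whose extension is a mixed-case form of `.jsp` and marks those the server answered with a 2xx status. The combined-log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request and status fields of a common/combined access-log line (assumed format):
#   "GET /path HTTP/1.1" 200
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def script_extension_case_variant(target, ext="jsp"):
    """Return True if the request path ends in a mixed-case form of .<ext>."""
    path = unquote(urlsplit(target).path)
    # Drop path parameters such as ;jsessionid=... from the last segment.
    last = path.rsplit("/", 1)[-1].split(";", 1)[0]
    if "." not in last:
        return False
    suffix = last.rsplit(".", 1)[1]
    return suffix.lower() == ext and suffix != ext

def find_suspect_requests(lines):
    """Return (status, target, served) tuples for mixed-case .jsp requests."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and script_extension_case_variant(m["target"]):
            status = int(m["status"])
            # A 2xx answer means a body was returned for the variant name,
            # which is the case to review for source disclosure.
            hits.append((status, m["target"], 200 <= status < 300))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2006:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jun/2006:10:00:05 +0000] "GET /app/index.jsP HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jun/2006:10:00:06 +0000] "GET /app/login.JSP?x=1 HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jun/2006:10:00:09 +0000] "GET /app/view.Jsp;jsessionid=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jun/2006:10:00:12 +0000] "GET /static/logo.png HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for status, target, served in find_suspect_requests(SAMPLE):
        print(status, target, "REVIEW" if served else "rejected")
```

A flagged 2xx response only shows that the variant name was served; comparing the response size or body with the rendered page confirms whether source was returned.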

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | jetty | Not affected | | |

Additional information

Status: Low
Defect: CWE-178
https://bugzilla.redhat.com/show_bug.cgi?id=2187716 jetty: .jsp extension source code disclosure

CVSS3: 5.3 Medium

Related vulnerabilities

nvd
about 19 years ago

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

debian
about 19 years ago

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...

CVSS3: 5.3
github
more than 3 years ago

Improper Input Validation in Mortbay Jetty
