Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-4800

Опубликовано: 13 апр. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

РелизСтатусПримечание
devel

not-affected

jetty 9.3.x only
esm-apps/xenial

not-affected

jetty 9.3.x only
esm-infra-legacy/trusty

not-affected

jetty 9.3.x only
precise

not-affected

jetty 9.3.x only
trusty

not-affected

jetty 9.3.x only
trusty/esm

not-affected

jetty 9.3.x only
upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

jetty 9.3.x only

Показывать по

РелизСтатусПримечание
devel

not-affected

jetty 9.3.x only
esm-apps/xenial

not-affected

jetty 9.3.x only
esm-infra-legacy/trusty

not-affected

jetty 9.3.x only
precise

DNE

trusty

not-affected

jetty 9.3.x only
trusty/esm

not-affected

jetty 9.3.x only
upstream

not-affected

jetty 9.3.x only
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

not-affected

jetty 9.3.x only

Показывать по

РелизСтатусПримечание
devel

not-affected

jetty 9.3.x only
esm-apps/xenial

not-affected

jetty 9.3.x only
esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

9.3.9
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 69%
0.00609
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-4800

redhat
больше 9 лет назад

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

nvd логотип

CVE-2016-4800

CVSS3: 9.8
nvd
почти 9 лет назад

The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

debian логотип

CVE-2016-4800

CVSS3: 9.8
debian
почти 9 лет назад

The path normalization mechanism in PathResource class in Eclipse Jett ...

github логотип

GHSA-872g-2h8h-362q

CVSS3: 9.8
github
больше 7 лет назад

Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request

EPSS

Процентиль: 69%
0.00609
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3