Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2009-1524
First vendor Publication : 2009-05-05
Vendor : Cve
Last vendor Modification : 2010-07-20

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 330

OpenVAS Exploits

Date Description
2009-06-05 Name : Fedora Core 9 FEDORA-2009-5500 (jetty)
File : nvt/fcore_2009_5500.nasl
2009-06-05 Name : Fedora Core 11 FEDORA-2009-5509 (jetty)
File : nvt/fcore_2009_5509.nasl
2009-06-05 Name : Fedora Core 10 FEDORA-2009-5513 (jetty)
File : nvt/fcore_2009_5513.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54187 Jetty Directory Listing Semicolon Character XSS

Jetty contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate content preceding a ";" for directory listing URLs. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2011-11-28 Name : An application on the remote web server has a directory traversal vulnerability.
File : vmware_vcenter_update_mgr_vmsa-2011-0014.nasl - Type : ACT_GATHER_INFO
2011-08-24 Name : The remote web server has a cross-site scripting vulnerability.
File : hadoop_jetty_xss.nasl - Type : ACT_GATHER_INFO
2011-02-17 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_VMSA-2010-0012.nasl - Type : ACT_GATHER_INFO
2010-07-29 Name : The remote web server has a cross-site scripting vulnerability.
File : vmware_vcenter_update_mgr_xss.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5500.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5509.nasl - Type : ACT_GATHER_INFO
2009-05-27 Name : The remote Fedora host is missing a security update.
File : fedora_2009-5513.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/34800
CONFIRM http://jira.codehaus.org/browse/JETTY-980
https://bugzilla.redhat.com/show_bug.cgi?id=499867
HP http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
SECUNIA http://secunia.com/advisories/34975
http://secunia.com/advisories/40553
VUPEN http://www.vupen.com/english/advisories/2010/1792

Alert History

Date Information
2021-05-05 01:05:54
  • Multiple Updates
2021-05-04 12:09:31
  • Multiple Updates
2021-04-22 01:09:51
  • Multiple Updates
2020-05-23 01:40:22
  • Multiple Updates
2020-05-23 00:23:43
  • Multiple Updates
2016-04-26 18:48:07
  • Multiple Updates
2014-02-17 10:49:53
  • Multiple Updates
2013-05-10 23:49:45
  • Multiple Updates