Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Information
Name : CVE-2009-1524
First vendor Publication : 2009-05-05
Vendor : Cve
Last vendor Modification : 2010-07-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score : 4.3
Cvss Impact Score : 2.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524

CWE : Common Weakness Enumeration

id      Name
CWE-79  Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 326

OpenVAS Exploits

Date        Description
2009-06-05  Name : Fedora Core 9 FEDORA-2009-5500 (jetty)
            File : nvt/fcore_2009_5500.nasl
2009-06-05  Name : Fedora Core 11 FEDORA-2009-5509 (jetty)
            File : nvt/fcore_2009_5509.nasl
2009-06-05  Name : Fedora Core 10 FEDORA-2009-5513 (jetty)
            File : nvt/fcore_2009_5513.nasl

Open Source Vulnerability Database (OSVDB)

id     Description
54187  Jetty Directory Listing Semicolon Character XSS

Nessus® Vulnerability Scanner

Date        Description
2011-11-28  Name : An application on the remote web server has a directory traversal vulnerability.
            File : vmware_vcenter_update_mgr_vmsa-2011-0014.nasl - Type : ACT_GATHER_INFO
2011-08-24  Name : The remote web server has a cross-site scripting vulnerability.
            File : hadoop_jetty_xss.nasl - Type : ACT_GATHER_INFO
2011-02-17  Name : The remote host has an update manager installed that is affected by multiple ...
            File : vmware_VMSA-2010-0012.nasl - Type : ACT_GATHER_INFO
2010-07-29  Name : The remote web server has a cross-site scripting vulnerability.
            File : vmware_vcenter_update_mgr_xss.nasl - Type : ACT_GATHER_INFO
2009-05-27  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5500.nasl - Type : ACT_GATHER_INFO
2009-05-27  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5509.nasl - Type : ACT_GATHER_INFO
2009-05-27  Name : The remote Fedora host is missing a security update.
            File : fedora_2009-5513.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

Source   Url
BID      http://www.securityfocus.com/bid/34800
CONFIRM  http://jira.codehaus.org/browse/JETTY-980
         https://bugzilla.redhat.com/show_bug.cgi?id=499867
HP       http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
         http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
SECUNIA  http://secunia.com/advisories/34975
         http://secunia.com/advisories/40553
VUPEN    http://www.vupen.com/english/advisories/2010/1792

Alert History

Date Information
2014-02-17 10:49:53
  • Multiple Updates
2013-05-10 23:49:45
  • Multiple Updates