Executive Summary

Information
Name: CVE-2023-36479
Vendor: Cve
First vendor Publication: 2023-09-15
Last vendor Modification: 2025-05-27

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Overall CVSS Score: 3.1
Base Score: 3.1
Environmental Score: 3.1
Impact Sub Score: 1.4
Temporal Score: 3.1
Exploitability Sub Score: 1.6

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: N/A
Cvss Impact Score: N/A
Cvss Exploit Score: N/A
Attack Range: N/A
Attack Complexity: N/A
Authentication: N/A

Detail

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in versions 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479

CPE : Common Platform Enumeration

Type         Description  Count
Application               320
Os                        3

Sources (Detail)

https://github.com/eclipse/jetty.project/pull/9516
https://github.com/eclipse/jetty.project/pull/9888
https://github.com/eclipse/jetty.project/pull/9889
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
https://www.debian.org/security/2023/dsa-5507

Alert History

Date Information
2025-05-28 00:20:53
  • Multiple Updates
2025-02-13 21:21:38
  • Multiple Updates
2024-11-28 14:27:10
  • Multiple Updates
2024-08-02 13:49:54
  • Multiple Updates
2024-08-02 01:33:27
  • Multiple Updates
2024-02-02 02:47:01
  • Multiple Updates
2024-02-01 12:30:32
  • Multiple Updates
2023-10-17 00:27:41
  • Multiple Updates
2023-09-30 21:27:37
  • Multiple Updates
2023-09-29 17:27:29
  • Multiple Updates
2023-09-20 21:27:22
  • Multiple Updates
2023-09-19 09:27:22
  • First insertion