Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:291 | First vendor Publication | 2009-10-29 |
| Vendor | Mandriva | Last vendor Modification | 2009-10-29 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability has been identified and corrected in jetty5: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI (CVE-2009-1523). This update fixes this vulnerability. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:291 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:291 (jetty5) File : nvt/mdksa_2009_291.nasl |
| 2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5500 (jetty) File : nvt/fcore_2009_5500.nasl |
| 2009-06-05 | Name : Fedora Core 11 FEDORA-2009-5509 (jetty) File : nvt/fcore_2009_5509.nasl |
| 2009-06-05 | Name : Fedora Core 10 FEDORA-2009-5513 (jetty) File : nvt/fcore_2009_5513.nasl |
| 2009-05-04 | Name : Jetty Cross Site Scripting and Information Disclosure Vulnerabilities File : nvt/jetty_34800.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 54186 | Jetty HTTP Server Document Root Traversal Arbitrary File Access Jetty contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the ResourceHandler and DefaultServlet's alias handling not properly sanitizing user input, specifically directory traversal style attacks (../../). |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2011-02-17 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_VMSA-2010-0012.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_jetty5-091109.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-291.nasl - Type : ACT_GATHER_INFO |
| 2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5500.nasl - Type : ACT_GATHER_INFO |
| 2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5509.nasl - Type : ACT_GATHER_INFO |
| 2009-05-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5513.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:40:56 |
|
