This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote web server contains a JSP application that is affected by a
cross-site scripting vulnerability.
The remote instance of Mort Bay Jetty includes a test servlet,
'webapps/test/jsp/dump.jsp', that fails to sanitize user-supplied
input before using it to generate dynamic content. An unauthenticated,
remote attacker may be able to leverage this issue to inject arbitrary
HTML or script code into a user's browser to be executed within the
security context of the affected site.
Similar issues reportedly exist with the 'webapps/snoop.jsp'' servlet
as well as Jetty itself, although Nessus did not check for them.
See also :
Remove the Test webapp if operating in a production environment and
upgrade to Mort Bay Jetty 6.1.6 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 29219 (jetty_dump_cookie_xss.nasl)
Bugtraq ID: 26697
CVE ID: CVE-2007-5613
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.