This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.
The remote web server hosts an application that is prone to a cross-
site scripting attack.
The installed version of Mort Bay Jetty includes a sample web
application, 'CookieDump.java', that allows for setting arbitrary
cookies through user input to the 'Name' and 'Value' GET parameters
to '/cookie' and in turn uses those without sanitizing them to
generate dynamic HTML output.
An attacker may be able to leverage this issue to inject arbitrary
HTML and script code into a user's browser to be executed within the
security context of the affected site.
See also :
Solution :
Upgrade to Mort Bay Jetty 7.0.0 or later as that reportedly
addresses the issue.
Risk factor :
Medium / CVSS Base Score : 4.3
Family: CGI abuses : XSS
Nessus Plugin ID: 42797 (jetty_cookie_xss.nasl)
CVE ID: CVE-2009-3579