FreeBSD : jetty -- multiple vulnerabilities (6ae7cef2-a6ae-11dc-95e6-000c29c5647f)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay
Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web
script or HTML via unspecified parameters and cookies.

Mortbay Jetty before 6.1.6rc1 does not properly handle 'certain quote
sequences' in HTML cookie parameters, which allows remote attackers to
hijack browser sessions via unspecified vectors.

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via unspecified vectors.

See also :

http://www.nessus.org/u?a5a69b83
http://www.nessus.org/u?a643f0ad

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29288 (freebsd_pkg_6ae7cef2a6ae11dc95e6000c29c5647f.nasl)

Bugtraq ID:

CVE ID: CVE-2007-5613
CVE-2007-5614
CVE-2007-5615
