Mandriva Linux Security Advisory : jetty5 (MDVSA-2009:291)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

A vulnerability has been identified and corrected in jetty5 :

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty
before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote
attackers to access arbitrary files via directory traversal sequences
in the URI (CVE-2009-1523).

This update fixes this vulnerability.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 42311 (mandriva_MDVSA-2009-291.nasl)

Bugtraq ID: 34800

CVE ID: CVE-2009-1523

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now