Mandriva Linux Security Advisory : jetty5 (MDVSA-2009:291)

Medium Nessus Plugin ID 42311


The remote Mandriva Linux host is missing one or more security updates.


A vulnerability has been identified and corrected in jetty5:

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote attackers to access arbitrary files via directory traversal sequences in the URI (CVE-2009-1523).

This update fixes this vulnerability.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 42311

File Name: mandriva_MDVSA-2009-291.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2009/10/30

Modified: 2016/02/25

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:jetty5, p-cpe:/a:mandriva:linux:jetty5-demo, p-cpe:/a:mandriva:linux:jetty5-javadoc, p-cpe:/a:mandriva:linux:jetty5-manual, cpe:/o:mandriva:linux:2009.0, cpe:/o:mandriva:linux:2009.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/10/29

Reference Information

CVE: CVE-2009-1523

BID: 34800

OSVDB: 54186

MDVSA: 2009:291

CERT: 402580

CWE: 22