Mort Bay Jetty < 6.1.17 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 5017


The remote host is vulnerable to multiple attack vectors.


The remote instance of Mort Bay Jetty is vulnerable to a number of flaws. First, the application is vulnerable to a cross-site scripting (XSS) flaw when displaying web directory listings. Second, the application is prone to an information disclosure flaw that can be used to read files outside the web root. Note: the second flaw is exploitable only if Jetty has been configured to have DefaultServlet with support for aliases turned on.


Upgrade to Mort Bay Jetty 6.1.17 or later.

Plugin Details

Severity: Medium

ID: 5017

File Name: 5017.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1442

Risk Information

Risk Factor: Medium


Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 6.5

Temporal Score: 6


Temporal Vector: CVSS3#E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mortbay:jetty

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-1523, CVE-2009-1524

BID: 34800

OSVDB: 54186, 54187