Mort Bay Jetty < 6.1.17 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5017
Synopsis
The remote host is vulnerable to multiple attack vectors.
Description
The remote instance of Mort Bay Jetty is vulnerable to a number of flaws. First, the application is vulnerable to a cross-site scripting flaw when displaying web directory listings. Second, the application is prone to an information disclosure flaw that can be used to read files outside the web root. Note: the second flaw can only be exploited if Jetty has been configured with DefaultServlet support for aliases turned on.
Solution
Upgrade to Mort Bay Jetty 6.1.17 or later.