Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mort Bay Jetty < 6.1.17 Multiple Vulnerabilities



The remote host is vulnerable to multiple attack vectors


The remote instance of Mort Bay Jetty is vulnerable to a number of flaws. First, the application is vulnerable to a cross-site-scripting flaw when displaying web directory listings. Secondly, the application is prone to an information disclosure flaw which can be used to read files outside the web root. Note: in order for the second flaw to be executed, Jetty must have been configured to have DefaultServlet with support for aliases turned on.


Upgrade to Mort Bay Jetty 6.1.17 or later.