The remote host is vulnerable to multiple attack vectors
The remote instance of Mort Bay Jetty is vulnerable to a number of flaws. First, the application is vulnerable to a cross-site-scripting flaw when displaying web directory listings. Secondly, the application is prone to an information disclosure flaw which can be used to read files outside the web root. Note: in order for the second flaw to be executed, Jetty must have been configured to have DefaultServlet with support for aliases turned on.
Upgrade to Mort Bay Jetty 6.1.17 or later.