CVE-2006-2758
Published 2006-06-02
CVE-2006-2758: Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL…
Priority: P4 · 27 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.01% (89.3th percentile)
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
Affected
165 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jetty | jetty | — | — |
| mortbay | jetty | <= 5.1.5 | — |
| mortbay | jetty | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
ghsa · 5.0 MEDIUM
osv · 5.0 MEDIUM
vendor_redhat · 5.0 MEDIUM
GHSA
Jetty Directory Traversal Vulnerability
ghsa·2022-05-01·CVSS 5.0
CVE-2006-2758 [MEDIUM] CWE-22 Jetty Directory Traversal Vulnerability
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `../`) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
OSV
Mortbay Jetty Discloses JSP Source Code
osv·2022-05-01·CVSS 5.0
CVE-2005-3747 [MEDIUM] Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (`%5C`) characters. NOTE: this might be the same issue as CVE-2006-2758.
GHSA
Mortbay Jetty Discloses JSP Source Code
ghsa·2022-05-01·CVSS 5.0
CVE-2005-3747 [MEDIUM] CWE-200 Mortbay Jetty Discloses JSP Source Code
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (`%5C`) characters. NOTE: this might be the same issue as CVE-2006-2758.
OSV
Jetty Directory Traversal Vulnerability
osv·2022-05-01·CVSS 5.0
CVE-2006-2758 [MEDIUM] Jetty Directory Traversal Vulnerability
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `../`) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
Red Hat
jetty: Jetty URL encoded format directory traversal
vendor_redhat·2005-11-18·CVSS 5.0
CVE-2006-2758 [MEDIUM] CWE-22 jetty: Jetty URL encoded format directory traversal
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
A flaw was found in Jetty. This issue could allow a remote attacker to send a specially-crafted URL request containing hexadecimal URL encoded "dot-dot" sequences (%2e%2e%5c) to traverse directories and view files and folders outside of the web root directory.
Package: jetty (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
No writeups or analysis indexed.
Published: 2006-06-02