CVE-2009-1523
Published: 2009-05-05
Priority: P3 · 46 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 25.80% (97.7th percentile)
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Affected
191 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mortbay | jetty | <= 6.1.16 | — |
| mortbay | jetty | <= 7.0.0 | — |
| mortbay | jetty | — | — |
CVSS provenance
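| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |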
GHSA
GHSA-2vmm-vm8r-59c6: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-4404 [MEDIUM] GHSA-2vmm-vm8r-59c6: The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
GHSA
Directory traversal in Mort Bay Jetty
ghsa·2022-05-02
CVE-2009-1523 [MEDIUM] CWE-22 Directory traversal in Mort Bay Jetty
OSV
Directory traversal in Mort Bay Jetty
osv·2022-05-02
CVE-2009-1523 [MEDIUM] Directory traversal in Mort Bay Jetty
Red Hat
: multiple vulnerabilities in jetty
vendor_redhat·2009-04-28·CVSS 5.0
CVE-2009-1523 [MEDIUM] : multiple vulnerabilities in jetty
No detection rules found.
Exploit-DB
VMware - Update Manager Directory Traversal
exploitdb·2011-11-21·CVSS 5.0
CVE-2011-4404 [MEDIUM] VMware - Update Manager Directory Traversal
---
# Exploit Title:VMware Update Manager Directory Traversal
# Date:18/11/2011
# Author: Alexey Sintsov
# Software Link: http://www.vmware.com/
# Version:2.0.2
# Tested on: Windows 2003 / vCenter Update Manager 4.1 U1
# CVE : CVE-2011-4404
DSECRG-11-042 VMware Update Manager - Directory Traversal
Application: VMware Update Manager
Versions Affected: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4.0 prior to Update 4
Vendor URL: http://vmware.com
Bugs: Directory Traversal File Read
CVE: CVE-2011-4404
CVSS2: 7.8
Exploits: YES
Reported: 06.06.2010
Vendor response: 06.06.2010
Date of Public Advisory: 18.11.2011
Authors: Alexey Sintsov
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
Description
Di
Exploit-DB
Jetty Web Server - Directory Traversal
exploitdb·2011-11-18
CVE-2009-1523 Jetty Web Server - Directory Traversal
---
source: https://www.securityfocus.com/bid/50723/info
Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
http://www.example.com:9084/vci/downloads/.\..\..\..\..\..\..\..\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\rui.key
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
http://jira.codehaus.org/browse/JETTY-1004
http://secunia.com/advisories/34975
http://secunia.com/advisories/35143
http://secunia.com/advisories/35225
http://secunia.com/advisories/35776
http://secunia.com/advisories/40553
http://www.kb.cert.org/vuls/id/402580
http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
http://www.securityfocus.com/bid/34800
http://www.securityfocus.com/bid/35675
http://www.securitytracker.com/id?1022563
http://www.vupen.com/english/advisories/2009/1900
http://www.vupen.com/english/advisories/2010/1792
https://bugzilla.redhat.com/show_bug.cgi?id=499867
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html