CVE-2009-1524
published 2009-05-05CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
2.59%
83.4th percentile
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
Affected
187 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mortbay | jetty | <= 6.1.16 | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9j6r-678r-mvp8: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6
ghsa_unreviewed·2022-05-02
CVE-2009-1524 [MEDIUM] CWE-79 GHSA-9j6r-678r-mvp8: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
Red Hat
: multiple vulnerabilities in jetty
vendor_redhat·2009-04-28·CVSS 4.3
CVE-2009-1524 [MEDIUM] : multiple vulnerabilities in jetty
: multiple vulnerabilities in jetty
Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.
No detection rules found.
No public exploits indexed.
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388http://jira.codehaus.org/browse/JETTY-980http://secunia.com/advisories/34975http://secunia.com/advisories/40553http://www.securityfocus.com/bid/34800http://www.vupen.com/english/advisories/2010/1792https://bugzilla.redhat.com/show_bug.cgi?id=499867http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388http://jira.codehaus.org/browse/JETTY-980http://secunia.com/advisories/34975http://secunia.com/advisories/40553http://www.securityfocus.com/bid/34800http://www.vupen.com/english/advisories/2010/1792https://bugzilla.redhat.com/show_bug.cgi?id=499867
2009-05-05
Published