CVE-2009-4609
published 2010-01-13CVE-2009-4609: The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request…
PriorityP420medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.79%
75.6th percentile
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
jetty: multiple XSS and information leaks in demo servlets
vendor_redhat·2009-10-25·CVSS 5.0
CVE-2009-4609 [MEDIUM] CWE-79 jetty: multiple XSS and information leaks in demo servlets
jetty: multiple XSS and information leaks in demo servlets
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
GHSA
GHSA-h7pw-qxgc-9wwm: The Dump Servlet in Mort Bay Jetty 6
ghsa_unreviewed·2022-05-02
CVE-2009-4609 [MEDIUM] CWE-200 GHSA-h7pw-qxgc-9wwm: The Dump Servlet in Mort Bay Jetty 6
The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other data via a request to a URI ending in /dump/, as demonstrated by discovering the value of the getPathTranslated variable.
No detection rules found.
No public exploits indexed.
2010-01-13
Published