CVE-2009-4611
published 2010-01-13CVE-2009-4611: Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.18%
86.5th percentile
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
| mortbay | jetty | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Improper input validation in Mort Bay Jetty
osv·2022-05-02
CVE-2009-4611 [HIGH] Improper input validation in Mort Bay Jetty
Improper input validation in Mort Bay Jetty
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
GHSA
Improper input validation in Mort Bay Jetty
ghsa·2022-05-02
CVE-2009-4611 [HIGH] CWE-20 Improper input validation in Mort Bay Jetty
Improper input validation in Mort Bay Jetty
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
Red Hat
jetty: escape sequence injection to stack traces
vendor_redhat·2009-10-25·CVSS 7.5
CVE-2009-4611 [HIGH] jetty: escape sequence injection to stack traces
jetty: escape sequence injection to stack traces
Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/archive/1/508830/100/0/threadedhttp://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txthttp://www.ush.it/team/ush/hack_httpd_escape/adv.txthttp://www.securityfocus.com/archive/1/508830/100/0/threadedhttp://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txthttp://www.ush.it/team/ush/hack_httpd_escape/adv.txt
2010-01-13
Published