CVE-2009-4612
Published 2010-01-13
Priority: P421 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.34% (87.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mortbay | jetty | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
Red Hat
jetty: multiple XSS and information leaks in demo servlets
vendor_redhat·2009-10-25·CVSS 4.3
CVE-2009-4612 [MEDIUM] CWE-79 jetty: multiple XSS and information leaks in demo servlets
GHSA
GHSA-xj65-pmm9-g4xv: Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6
ghsa_unreviewed·2022-05-02
CVE-2009-4612 [MEDIUM] CWE-79 GHSA-xj65-pmm9-g4xv: Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6
No detection rules found.
Published: 2010-01-13