CVE-2016-4800
published 2017-04-13CVE-2016-4800: The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jetty9 | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |