ByteOS Network

NVD Vulnerability Details :

CVE-2009-1523

Modified

Source-cve@mitre.org

Published At-05 May, 2009 | 17:30

Updated At-23 Oct, 2012 | 03:06

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

mortbay>>jetty>>Versions up to 6.1.16(inclusive)

cpe:2.3:a:mortbay:jetty:*:*:*:*:*:*:*:*

mortbay>>jetty>>Versions up to 7.0.0(inclusive)

cpe:2.3:a:mortbay:jetty:*:m2:*:*:*:*:*:*

mortbay>>jetty>>1.0

cpe:2.3:a:mortbay:jetty:1.0:*:*:*:*:*:*:*

mortbay>>jetty>>1.0.1

cpe:2.3:a:mortbay:jetty:1.0.1:*:*:*:*:*:*:*

mortbay>>jetty>>1.1

cpe:2.3:a:mortbay:jetty:1.1:*:*:*:*:*:*:*

mortbay>>jetty>>1.1.1

cpe:2.3:a:mortbay:jetty:1.1.1:*:*:*:*:*:*:*

mortbay>>jetty>>1.2.0

cpe:2.3:a:mortbay:jetty:1.2.0:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.0

cpe:2.3:a:mortbay:jetty:1.3.0:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.1

cpe:2.3:a:mortbay:jetty:1.3.1:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.2

cpe:2.3:a:mortbay:jetty:1.3.2:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.3

cpe:2.3:a:mortbay:jetty:1.3.3:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.4

cpe:2.3:a:mortbay:jetty:1.3.4:*:*:*:*:*:*:*

mortbay>>jetty>>1.3.5

cpe:2.3:a:mortbay:jetty:1.3.5:*:*:*:*:*:*:*

mortbay>>jetty>>2.0

cpe:2.3:a:mortbay:jetty:2.0:alpha1:*:*:*:*:*:*

mortbay>>jetty>>2.0

cpe:2.3:a:mortbay:jetty:2.0:alpha2:*:*:*:*:*:*

mortbay>>jetty>>2.0

cpe:2.3:a:mortbay:jetty:2.0:beta1:*:*:*:*:*:*

mortbay>>jetty>>2.0

cpe:2.3:a:mortbay:jetty:2.0:beta2:*:*:*:*:*:*

mortbay>>jetty>>2.0.0

cpe:2.3:a:mortbay:jetty:2.0.0:*:*:*:*:*:*:*

mortbay>>jetty>>2.0.1

cpe:2.3:a:mortbay:jetty:2.0.1:*:*:*:*:*:*:*

mortbay>>jetty>>2.0.2

cpe:2.3:a:mortbay:jetty:2.0.2:*:*:*:*:*:*:*

mortbay>>jetty>>2.0.3

cpe:2.3:a:mortbay:jetty:2.0.3:*:*:*:*:*:*:*

mortbay>>jetty>>2.0.4

cpe:2.3:a:mortbay:jetty:2.0.4:*:*:*:*:*:*:*

mortbay>>jetty>>2.0.5

cpe:2.3:a:mortbay:jetty:2.0.5:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.0

cpe:2.3:a:mortbay:jetty:2.1.0:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.1

cpe:2.3:a:mortbay:jetty:2.1.1:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.2

cpe:2.3:a:mortbay:jetty:2.1.2:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.3

cpe:2.3:a:mortbay:jetty:2.1.3:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.4

cpe:2.3:a:mortbay:jetty:2.1.4:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.5

cpe:2.3:a:mortbay:jetty:2.1.5:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.6

cpe:2.3:a:mortbay:jetty:2.1.6:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.7

cpe:2.3:a:mortbay:jetty:2.1.7:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.b0

cpe:2.3:a:mortbay:jetty:2.1.b0:*:*:*:*:*:*:*

mortbay>>jetty>>2.1.b1

cpe:2.3:a:mortbay:jetty:2.1.b1:*:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:alpha0:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:alpha1:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:beta0:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:beta1:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:beta2:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:beta3:*:*:*:*:*:*

mortbay>>jetty>>2.2

cpe:2.3:a:mortbay:jetty:2.2:beta4:*:*:*:*:*:*

mortbay>>jetty>>2.2.0

cpe:2.3:a:mortbay:jetty:2.2.0:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.1

cpe:2.3:a:mortbay:jetty:2.2.1:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.2

cpe:2.3:a:mortbay:jetty:2.2.2:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.3

cpe:2.3:a:mortbay:jetty:2.2.3:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.4

cpe:2.3:a:mortbay:jetty:2.2.4:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.5

cpe:2.3:a:mortbay:jetty:2.2.5:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.6

cpe:2.3:a:mortbay:jetty:2.2.6:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.7

cpe:2.3:a:mortbay:jetty:2.2.7:*:*:*:*:*:*:*

mortbay>>jetty>>2.2.8

cpe:2.3:a:mortbay:jetty:2.2.8:*:*:*:*:*:*:*

mortbay>>jetty>>2.3.0

cpe:2.3:a:mortbay:jetty:2.3.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	nvd@nist.gov

CWE ID: CWE-22

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388	cve@mitre.org	N/A
http://jira.codehaus.org/browse/JETTY-1004	cve@mitre.org	N/A
http://secunia.com/advisories/34975	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/35143	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/35225	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/35776	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/40553	cve@mitre.org	Vendor Advisory
http://www.kb.cert.org/vuls/id/402580	cve@mitre.org	US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-7RKQCY	cve@mitre.org	N/A
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/34800	cve@mitre.org	N/A
http://www.securityfocus.com/bid/35675	cve@mitre.org	N/A
http://www.securitytracker.com/id?1022563	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2009/1900	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1792	cve@mitre.org	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=499867	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html	cve@mitre.org	N/A