CVE-2009-4610

Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
mortbayjetty
6.0.0
mortbayjetty
6.0.0:alpha0
mortbayjetty
6.0.0:alpha1
mortbayjetty
6.0.0:alpha2
mortbayjetty
6.0.0:alpha3
mortbayjetty
6.0.0:beta0
mortbayjetty
6.0.0:beta1
mortbayjetty
6.0.0:beta10
mortbayjetty
6.0.0:beta11
mortbayjetty
6.0.0:beta12
mortbayjetty
6.0.0:beta14
mortbayjetty
6.0.0:beta15
mortbayjetty
6.0.0:beta16
mortbayjetty
6.0.0:beta17
mortbayjetty
6.0.0:beta2
mortbayjetty
6.0.0:beta3
mortbayjetty
6.0.0:beta4
mortbayjetty
6.0.0:beta5
mortbayjetty
6.0.0:beta6
mortbayjetty
6.0.0:beta7
mortbayjetty
6.0.0:beta8
mortbayjetty
6.0.0:beta9
mortbayjetty
6.0.0:betax
mortbayjetty
6.0.0:rc0
mortbayjetty
6.0.0:rc1
mortbayjetty
6.0.0:rc2
mortbayjetty
6.0.0:rc3
mortbayjetty
6.0.0:rc4
mortbayjetty
6.0.1
mortbayjetty
6.0.2
mortbayjetty
6.1.0
mortbayjetty
6.1.0:pre0
mortbayjetty
6.1.0:pre1
mortbayjetty
6.1.0:pre2
mortbayjetty
6.1.0:pre3
mortbayjetty
6.1.0:rc0
mortbayjetty
6.1.0:rc1
mortbayjetty
6.1.0:rc2
mortbayjetty
6.1.0:rc3
mortbayjetty
6.1.1
mortbayjetty
6.1.1:rc0
mortbayjetty
6.1.2
mortbayjetty
6.1.2:pre0
mortbayjetty
6.1.2:pre1
mortbayjetty
6.1.2:rc0
mortbayjetty
6.1.2:rc1
mortbayjetty
6.1.2:rc2
mortbayjetty
6.1.2:rc3
mortbayjetty
6.1.2:rc4
mortbayjetty
6.1.2:rc5
mortbayjetty
6.1.3
mortbayjetty
6.1.4
mortbayjetty
6.1.4:rc0
mortbayjetty
6.1.4:rc1
mortbayjetty
6.1.5
mortbayjetty
6.1.5:rc0
mortbayjetty
6.1.6
mortbayjetty
6.1.6:rc0
mortbayjetty
6.1.6:rc1
mortbayjetty
6.1.7
mortbayjetty
6.1.8
mortbayjetty
6.1.9
mortbayjetty
6.1.10
mortbayjetty
6.1.11
mortbayjetty
6.1.12
mortbayjetty
6.1.12:rc1
mortbayjetty
6.1.12:rc2
mortbayjetty
6.1.12:rc3
mortbayjetty
6.1.12:rc4
mortbayjetty
6.1.12:rc5
mortbayjetty
6.1.14
mortbayjetty
6.1.15
mortbayjetty
6.1.15:pre0
mortbayjetty
6.1.15:rc2
mortbayjetty
6.1.15:rc3
mortbayjetty
6.1.15:rc4
mortbayjetty
6.1.15:rc5
mortbayjetty
6.1.16
mortbayjetty
6.1.19
mortbayjetty
6.1.20
mortbayjetty
7.0.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jetty
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
not-affected
dapper
ignored
Common Weakness Enumeration
References
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt