CVE-2009-4611

13.01.2010, 20:30

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
mortbay	jetty	6.0.0
mortbay	jetty	6.0.0:alpha0
mortbay	jetty	6.0.0:alpha1
mortbay	jetty	6.0.0:alpha2
mortbay	jetty	6.0.0:alpha3
mortbay	jetty	6.0.0:beta0
mortbay	jetty	6.0.0:beta1
mortbay	jetty	6.0.0:beta10
mortbay	jetty	6.0.0:beta11
mortbay	jetty	6.0.0:beta12
mortbay	jetty	6.0.0:beta14
mortbay	jetty	6.0.0:beta15
mortbay	jetty	6.0.0:beta16
mortbay	jetty	6.0.0:beta17
mortbay	jetty	6.0.0:beta2
mortbay	jetty	6.0.0:beta3
mortbay	jetty	6.0.0:beta4
mortbay	jetty	6.0.0:beta5
mortbay	jetty	6.0.0:beta6
mortbay	jetty	6.0.0:beta7
mortbay	jetty	6.0.0:beta8
mortbay	jetty	6.0.0:beta9
mortbay	jetty	6.0.0:betax
mortbay	jetty	6.0.0:rc0
mortbay	jetty	6.0.0:rc1
mortbay	jetty	6.0.0:rc2
mortbay	jetty	6.0.0:rc3
mortbay	jetty	6.0.0:rc4
mortbay	jetty	6.0.1
mortbay	jetty	6.0.2
mortbay	jetty	6.1.0
mortbay	jetty	6.1.0:pre0
mortbay	jetty	6.1.0:pre1
mortbay	jetty	6.1.0:pre2
mortbay	jetty	6.1.0:pre3
mortbay	jetty	6.1.0:rc0
mortbay	jetty	6.1.0:rc1
mortbay	jetty	6.1.0:rc2
mortbay	jetty	6.1.0:rc3
mortbay	jetty	6.1.1
mortbay	jetty	6.1.1:rc0
mortbay	jetty	6.1.2
mortbay	jetty	6.1.2:pre0
mortbay	jetty	6.1.2:pre1
mortbay	jetty	6.1.2:rc0
mortbay	jetty	6.1.2:rc1
mortbay	jetty	6.1.2:rc2
mortbay	jetty	6.1.2:rc3
mortbay	jetty	6.1.2:rc4
mortbay	jetty	6.1.2:rc5
mortbay	jetty	6.1.3
mortbay	jetty	6.1.4
mortbay	jetty	6.1.4:rc0
mortbay	jetty	6.1.4:rc1
mortbay	jetty	6.1.5
mortbay	jetty	6.1.5:rc0
mortbay	jetty	6.1.6
mortbay	jetty	6.1.6:rc0
mortbay	jetty	6.1.6:rc1
mortbay	jetty	6.1.7
mortbay	jetty	6.1.8
mortbay	jetty	6.1.9
mortbay	jetty	6.1.10
mortbay	jetty	6.1.11
mortbay	jetty	6.1.12
mortbay	jetty	6.1.12:rc1
mortbay	jetty	6.1.12:rc2
mortbay	jetty	6.1.12:rc3
mortbay	jetty	6.1.12:rc4
mortbay	jetty	6.1.12:rc5
mortbay	jetty	6.1.14
mortbay	jetty	6.1.15
mortbay	jetty	6.1.15:pre0
mortbay	jetty	6.1.15:rc2
mortbay	jetty	6.1.15:rc3
mortbay	jetty	6.1.15:rc4
mortbay	jetty	6.1.15:rc5
mortbay	jetty	6.1.16
mortbay	jetty	6.1.19
mortbay	jetty	6.1.20
mortbay	jetty	7.0.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

jetty

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	ignored
jaunty	ignored
intrepid	ignored
hardy	ignored
dapper	ignored

Known Exploits!

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.securityfocus.com/archive/1/508830/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

http://www.ush.it/team/ush/hack_httpd_escape/adv.txt

http://www.securityfocus.com/archive/1/508830/100/0/threaded

http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt

http://www.ush.it/team/ush/hack_httpd_escape/adv.txt