org.mortbay.jetty:jetty (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.mortbay.jetty:jetty, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2007-5614 — CVSS 7.5 (high): Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers…
CVE-2009-4611 — CVSS 7.5 (high): Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote…
CVE-2002-1533 — CVSS 5.8 (medium): Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP…
CVE-2004-2381 — CVSS 5.0 (medium): HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash)…
CVE-2006-2759 — CVSS 5.0 (medium): jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and…
CVE-2006-2758 — CVSS 5.0 (medium): Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded…
CVE-2005-3747 — CVSS 5.0 (medium): Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for…
CVE-2007-5615 — CVSS 5.0 (medium): CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP…
CVE-2007-6672 — CVSS 5.0 (medium): Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash)…
CVE-2009-1523 — CVSS 5.0 (medium): Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote…
CVE-2007-5613 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web…