Every CVE whose affected-product data names Mortbay Jetty, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2009-4611 — CVSS 7.5 (high): Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote…
CVE-2011-4461 — CVSS 5.3 (medium): Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions…
CVE-2005-3747 — CVSS 5.0 (medium): Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for…
CVE-2009-1523 — CVSS 5.0 (medium): Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote…
CVE-2009-4609 — CVSS 5.0 (medium): The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote attackers to obtain sensitive information about internal variables and other…
CVE-2009-4612 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote…
CVE-2009-4610 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script…
CVE-2009-3579 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote…
CVE-2009-1524 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via…