CVE-2009-1523

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

🔗 References (38)

• cve@mitrehttp://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
• cve@mitrehttp://jira.codehaus.org/browse/JETTY-1004
• cve@mitrehttp://secunia.com/advisories/34975
• cve@mitrehttp://secunia.com/advisories/35143
• cve@mitrehttp://secunia.com/advisories/35225
• cve@mitrehttp://secunia.com/advisories/35776
• cve@mitrehttp://secunia.com/advisories/40553
• cve@mitrehttp://www.kb.cert.org/vuls/id/402580
• cve@mitrehttp://www.kb.cert.org/vuls/id/CRDY-7RKQCY
• cve@mitrehttp://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
• cve@mitrehttp://www.securityfocus.com/bid/34800
• cve@mitrehttp://www.securityfocus.com/bid/35675
• cve@mitrehttp://www.securitytracker.com/id?1022563
• cve@mitrehttp://www.vupen.com/english/advisories/2009/1900
• cve@mitrehttp://www.vupen.com/english/advisories/2010/1792