Mort Bay Jetty Multiple XSS Vulnerabilities
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2009-4610,CVE-2009-4612
Data do informe: 21 julho 2015
Descrição
Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty 6.x and 7.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to jsp/dump.jsp in the JSP Dump feature, or the (2) Name or (3) Value parameter to the default URI for the Session Dump Servlet under session/.
Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3) jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1000552
Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention
Software infectado e versão:
- mortbay jetty 6.1.0
- mortbay jetty 6.1.1
- mortbay jetty 6.1.10
- mortbay jetty 6.1.11
- mortbay jetty 6.1.12
- mortbay jetty 6.1.14
- mortbay jetty 6.1.15
- mortbay jetty 6.1.16
- mortbay jetty 6.1.19
- mortbay jetty 6.1.2
- mortbay jetty 6.1.20
- mortbay jetty 6.1.21
- mortbay jetty 6.1.3
- mortbay jetty 6.1.4
- mortbay jetty 6.1.5
- mortbay jetty 6.1.6
- mortbay jetty 6.1.7
- mortbay jetty 6.1.8
- mortbay jetty 6.1.9