Bug#527571: CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty

Giuseppe Iuculano Fri, 08 May 2009 01:49:35 -0700

Package: jetty
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.


CVE-2009-1524[0]:
| Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before
| 6.1.17 allows remote attackers to inject arbitrary web script or HTML
| via a directory listing request containing a ; (semicolon) character.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524
    http://security-tracker.debian.net/tracker/CVE-2009-1524
    http://jira.codehaus.org/browse/JETTY-1004
    http://jira.codehaus.org/browse/JETTY-980
    http://www.kb.cert.org/vuls/id/402580

Cheers,
Giuseppe.



_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Bug#527571: CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay Jetty

Reply via email to