Jetty Double Slash URI Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Jetty Double Slash URI Information Disclosure Vulnerability

Jetty is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to view private directories or files within the context of the webserver process. Information obtained may lead to other attacks.

This issue affects Jetty 6.1.5 and 6.1.6.