Jetty Directory Traversal Vulnerability

Jetty is reported prone to a directory-traversal vulnerability because the application fails to properly sanitize HTTP-request URIs.

Exploiting this vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected process.

It is unclear at this time exactly which versions of Jetty are affected by this vulnerability. This BID will be updated as further information is disclosed.

This vulnerability may be related to BID 4360.


Privacy Statement
Copyright 2010, SecurityFocus