Jetty URL Encoded Backslash Source Code Disclosure Vulnerability

Jetty is prone to a source code disclosure vulnerability. This issue is due to a failure in the application to restrict access to sensitive files.

A successful attack causes the Web server to present the requested file as a plain text file, thereby disclosing its source.

Versions 5.1.5 and earlier are reported to be vulnerable; the vendor has released version 5.1.6 to address this issue.
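One way to look for requests of the kind this advisory names in web server access logs, as an added example that is not part of the original advisory: it flags any request whose path decodes to contain a backslash, including mixed-case and nested percent-encoding. The Common Log Format input, the sample entries and the function names are assumptions constructed for illustration; the advisory does not say where in the URL the encoded backslash appears.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
MAX_DECODE_ROUNDS = 5  # bound on nested percent-encoding (%255c -> %5c -> \)


def path_has_backslash(target: str) -> bool:
    """True if the path part of a request target decodes to contain a backslash."""
    path = target.split("?", 1)[0]  # the query string is not part of the file path
    for _ in range(MAX_DECODE_ROUNDS):
        if "\\" in path:
            return True
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:  # nothing left to decode
            return False
        path = decoded
    return "\\" in path


def suspicious_requests(log_lines):
    """Return (client, target, status) for each entry whose path contains a backslash."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m or not path_has_backslash(m.group("target")):
            continue
        client = line.split(" ", 1)[0]
        rest = line[m.end():].split()
        status = rest[0] if rest else "-"  # tolerate truncated entries
        hits.append((client, m.group("target"), status))
    return hits


# Constructed sample entries (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /shop/index.jsp HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2006:10:00:07 +0000] "GET /shop%5cindex.jsp HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2006:10:00:09 +0000] "GET /shop%255Cindex.jsp HTTP/1.1" 404 310',
    '192.0.2.10 - - [01/Jan/2006:10:00:12 +0000] "GET /search?q=a%5cb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} {status} {target}")
```

On a server running 5.1.5 or earlier, a flagged entry with a 200 status is worth reviewing first, since the advisory says the requested file is returned as plain text.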


 

Copyright 2010, SecurityFocus