
Test ID: 1.3.6.1.4.1.25623.1.0.151004
Category: Web Servers
Title: Eclipse Jetty CgiServlet Vulnerability (GHSA-3gh6-v5v9-6v9j) - Windows
Summary: Eclipse Jetty is prone to a vulnerability in the CgiServlet.
Description:
Summary:
Eclipse Jetty is prone to a vulnerability in the CgiServlet.

Vulnerability Insight:
Users of the CgiServlet with a very specific command structure
may have the wrong command executed. If a user sends a request to an
org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will
escape the command by wrapping it in quotation marks. This wrapped command, plus an optional
command prefix, will then be executed through a call to Runtime.exec. If the original binary name
provided by the user contains a quotation mark followed by a space, the resulting command line
will contain multiple tokens instead of one.

Affected Software/OS:
Eclipse Jetty version 9.0.0 through 9.4.51, 10.0.0 through
10.0.15 and 11.0.0 through 11.0.15.

Solution:
Update to version 9.4.52, 10.0.16, 11.0.16 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2023-36479
Debian Security Information: DSA-5507
https://www.debian.org/security/2023/dsa-5507
https://github.com/eclipse/jetty.project/pull/9516
https://github.com/eclipse/jetty.project/pull/9888
https://github.com/eclipse/jetty.project/pull/9889
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
Copyright: Copyright (C) 2023 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.