FreeBSD Local Security Checks : FreeBSD Ports: jetty

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.59976

Kategorie: FreeBSD Local Security Checks

Titel: FreeBSD Ports: jetty

Zusammenfassung: The remote host is missing an update to the system; as announced in the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: jetty

CVE-2007-5613
Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay
Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web
script or HTML via unspecified parameters and cookies.

CVE-2007-5614
Mortbay Jetty before 6.1.6rc1 does not properly handle 'certain quote
sequences' in HTML cookie parameters, which allows remote attackers to
hijack browser sessions via unspecified vectors.

CVE-2007-5615
CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows
remote attackers to inject arbitrary HTTP headers and conduct HTTP
response splitting attacks via unspecified vectors.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2007-5613
BugTraq ID: 26697
http://www.securityfocus.com/bid/26697
CERT/CC vulnerability note: VU#237888
http://www.kb.cert.org/vuls/id/237888
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
http://osvdb.org/42497
http://secunia.com/advisories/27925
http://secunia.com/advisories/30941
http://secunia.com/advisories/35143
SuSE Security Announcement: SUSE-SR:2009:004 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2007-5614
BugTraq ID: 26695
http://www.securityfocus.com/bid/26695
CERT/CC vulnerability note: VU#438616
http://www.kb.cert.org/vuls/id/438616
http://osvdb.org/42496
Common Vulnerability Exposure (CVE) ID: CVE-2007-5615
BugTraq ID: 26696
http://www.securityfocus.com/bid/26696
CERT/CC vulnerability note: VU#212984
http://www.kb.cert.org/vuls/id/212984
http://osvdb.org/42495

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.59976
Kategorie:	FreeBSD Local Security Checks
Titel:	FreeBSD Ports: jetty
Zusammenfassung:	The remote host is missing an update to the system; as announced in the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: jetty CVE-2007-5613 Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. CVE-2007-5614 Mortbay Jetty before 6.1.6rc1 does not properly handle 'certain quote sequences' in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. CVE-2007-5615 CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5613 BugTraq ID: 26697 http://www.securityfocus.com/bid/26697 CERT/CC vulnerability note: VU#237888 http://www.kb.cert.org/vuls/id/237888 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html http://osvdb.org/42497 http://secunia.com/advisories/27925 http://secunia.com/advisories/30941 http://secunia.com/advisories/35143 SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2007-5614 BugTraq ID: 26695 http://www.securityfocus.com/bid/26695 CERT/CC vulnerability note: VU#438616 http://www.kb.cert.org/vuls/id/438616 http://osvdb.org/42496 Common Vulnerability Exposure (CVE) ID: CVE-2007-5615 BugTraq ID: 26696 http://www.securityfocus.com/bid/26696 CERT/CC vulnerability note: VU#212984 http://www.kb.cert.org/vuls/id/212984 http://osvdb.org/42495
Copyright	Copyright (C) 2008 E-Soft Inc.