Test Kennung:	1.3.6.1.4.1.25623.1.0.800954
Kategorie:	Web Servers
Titel:	Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability
Zusammenfassung:	Jetty WebServer is prone to a cross-site scripting (XSS) vulnerability.
Beschreibung:	Summary: Jetty WebServer is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The user supplied data passed into the 'Value' parameter in the Sample Cookies aka 'CookieDump.java' application is not adequately sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code and conduct XSS attacks via a direct GET request to cookie/. Affected Software/OS: Jetty version 6.1.19 and 6.1.20. Solution: Upgrade to version 6.1.21 or 7.0.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3579 Bugtraq: 20091006 CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application (Google Search) http://www.securityfocus.com/archive/1/507013/100/0/threaded http://www.coresecurity.com/content/jetty-persistent-xss http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.