Test ID:	1.3.6.1.4.1.25623.1.0.800954
Category:	Web Servers
Title:	Jetty 'CookieDump.java' Cross-Site Scripting Vulnerability
Summary:	Jetty WebServer is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: Jetty WebServer is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The user supplied data passed into the 'Value' parameter in the Sample Cookies aka 'CookieDump.java' application is not adequately sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code and conduct XSS attacks via a direct GET request to cookie/. Affected Software/OS: Jetty version 6.1.19 and 6.1.20. Solution: Upgrade to version 6.1.21 or 7.0.0 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3579 Bugtraq: 20091006 CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application (Google Search) http://www.securityfocus.com/archive/1/507013/100/0/threaded http://www.coresecurity.com/content/jetty-persistent-xss http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.