CVE-2009-1523
Last modified
CVE-2009-1523 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.. EPSS estimates a 25.80% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mortbay | Jetty | <= 6.1.16 | — |
| Mortbay | Jetty | <= 7.0.0 | M2 |
| Mortbay | Jetty | 1.0 | — |
| Mortbay | Jetty | 1.0.1 | — |
| Mortbay | Jetty | 1.1 | — |
| Mortbay | Jetty | 1.1.1 | — |
| Mortbay | Jetty | 1.2.0 | — |
| Mortbay | Jetty | 1.3.0 | — |
| Mortbay | Jetty | 1.3.1 | — |
| Mortbay | Jetty | 1.3.2 | — |
| Mortbay | Jetty | 1.3.3 | — |
| Mortbay | Jetty | 1.3.4 | — |
| Mortbay | Jetty | 1.3.5 | — |
| Mortbay | Jetty | 2.0 | Alpha1 |
| Mortbay | Jetty | 2.0.0 | — |
| Mortbay | Jetty | 2.0.1 | — |
| Mortbay | Jetty | 2.0.2 | — |
| Mortbay | Jetty | 2.0.3 | — |
| Mortbay | Jetty | 2.0.4 | — |
| Mortbay | Jetty | 2.0.5 | — |
| Mortbay | Jetty | 2.1.0 | — |
| Mortbay | Jetty | 2.1.1 | — |
| Mortbay | Jetty | 2.1.2 | — |
| Mortbay | Jetty | 2.1.3 | — |
| Mortbay | Jetty | 2.1.4 | — |
| Mortbay | Jetty | 2.1.5 | — |
| Mortbay | Jetty | 2.1.6 | — |
| Mortbay | Jetty | 2.1.7 | — |
| Mortbay | Jetty | 2.1.b0 | — |
| Mortbay | Jetty | 2.1.b1 | — |
| Mortbay | Jetty | 2.2 | Alpha0 |
| Mortbay | Jetty | 2.2.0 | — |
| Mortbay | Jetty | 2.2.1 | — |
| Mortbay | Jetty | 2.2.2 | — |
| Mortbay | Jetty | 2.2.3 | — |
| Mortbay | Jetty | 2.2.4 | — |
| Mortbay | Jetty | 2.2.5 | — |
| Mortbay | Jetty | 2.2.6 | — |
| Mortbay | Jetty | 2.2.7 | — |
| Mortbay | Jetty | 2.2.8 | — |
| Mortbay | Jetty | 2.3.0 | — |
| Mortbay | Jetty | 2.3.0a | — |
| Mortbay | Jetty | 2.3.1 | — |
| Mortbay | Jetty | 2.3.2 | — |
| Mortbay | Jetty | 2.3.3 | — |
| Mortbay | Jetty | 2.3.4 | — |
| Mortbay | Jetty | 2.3.5 | — |
| Mortbay | Jetty | 2.4.0 | — |
| Mortbay | Jetty | 2.4.1 | — |
| Mortbay | Jetty | 2.4.2 | — |
Showing 50 of 189 affected configurations. See NVD for the full list.
References
- http://secunia.com/advisories/34975Vendor Advisory
- http://secunia.com/advisories/35143Vendor Advisory
- http://secunia.com/advisories/35225Vendor Advisory
- http://secunia.com/advisories/35776Vendor Advisory
- http://secunia.com/advisories/40553Vendor Advisory
- http://www.kb.cert.org/vuls/id/402580US Government Resource
- http://www.vupen.com/english/advisories/2009/1900Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1792Vendor Advisory
- http://secunia.com/advisories/34975Vendor Advisory
- http://secunia.com/advisories/35143Vendor Advisory
- http://secunia.com/advisories/35225Vendor Advisory
- http://secunia.com/advisories/35776Vendor Advisory
- http://secunia.com/advisories/40553Vendor Advisory
- http://www.kb.cert.org/vuls/id/402580US Government Resource
- http://www.vupen.com/english/advisories/2009/1900Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1792Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1523?
How severe is CVE-2009-1523?
How do I fix CVE-2009-1523?
Are you affected by CVE-2009-1523?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST