GHSA-cwq3-qp8v-w8q3

Suggest an improvement
Source
https://github.com/advisories/GHSA-cwq3-qp8v-w8q3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwq3-qp8v-w8q3/GHSA-cwq3-qp8v-w8q3.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-cwq3-qp8v-w8q3
Aliases
  • CVE-2005-3747
Published
2022-05-01T02:20:38Z
Modified
2024-11-28T05:37:36.583827Z
Summary
Mortbay Jetty Discloses JSP Source Code
Details

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758.

Database specific
{
    "nvd_published_at": "2005-11-22T11:03:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T23:46:51Z"
}
References

Affected packages

Maven / org.mortbay.jetty:jetty

Package

Name
org.mortbay.jetty:jetty
View open source insights on deps.dev
Purl
pkg:maven/org.mortbay.jetty/jetty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.6

Affected versions

test-6.*

test-6.0.0rc3
test-6.0.0rc4
test-6.0.0
test-6.0.1

4.*

4.1-rc1
4.1-rc6
4.2.2
4.2.3
4.2.9
4.2.10
4.2.12