Bug#340582: CVE-2005-3747: Incorrect input validation of HTTP requests

Moritz Muehlenhoff jmm at inutil.org
Thu Nov 24 10:59:44 UTC 2005


Package: jetty
Version: 5.1.5rc1-6
Severity: grave
Tags: security
Justification: user security hole

An input validation error when processing HTTP requests containing specially
crafted characters can be exploited to display the source code of Java
Server pages instead of an expected HTML response.

Please see http://www.frsirt.com/english/advisories/2005/2515 for details.

It's fixed upstream in 5.1.6. This has been assigned CVE-2005-3747; please
mention it in the changelog when fixing it.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



