Do CVE-2006-2758 and CVE-2006-2759 affect jetty 5?

Stefan Fritsch sf at sfritsch.de
Sun Aug 6 19:08:45 UTC 2006


Hi,

some security issues have been found in jetty 6. Please check whether 
these issues affect jetty in Debian. Maybe CVE-2006-2758 has been 
fixed in 5.1.10-1?

Thanks for your help.

Cheers,
Stefan

======================================================
Name: CVE-2006-2758
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2758
Phase: Assigned (20060601)
Category:
Reference: SECTRACK:1016168
Reference: URL:http://securitytracker.com/id?1016168

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16
allows remote attackers to read arbitrary files via a %2e%2e%5c
(encoded ../) in the URL.
======================================================
Name: CVE-2006-2759
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2759
Phase: Assigned (20060601)
Category:
Reference: SECTRACK:1016168
Reference: URL:http://securitytracker.com/id?1016168

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary
script source code via a capital P in the .jsp extension, and probably
other mixed case manipulations.
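
A sketch of a request-path check covering both patterns named in the CVE text above, added here as an example and not taken from Jetty or the Debian package. `DOC_ROOT`, the class name and `classify` are hypothetical; it assumes Java 10 or later and a Unix-like file system.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;

public class RequestPathCheck {
    // Hypothetical document root, chosen for this example.
    static final Path DOC_ROOT = Paths.get("/srv/webapp").normalize();

    enum Verdict { REJECT, SCRIPT, STATIC }

    static Verdict classify(String rawUriPath) {
        String decoded;
        try {
            // Decode exactly once; keep '+' literal, since this is a path, not a form field.
            decoded = URLDecoder.decode(rawUriPath.replace("+", "%2B"), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Verdict.REJECT;            // malformed percent-encoding
        }
        if (decoded.indexOf('\0') >= 0) return Verdict.REJECT;

        // %5c decodes to '\'; treat it as a separator so "..\" is handled like "../".
        String relative = decoded.replace('\\', '/').replaceFirst("^/+", "");

        // Resolve against the root, collapse ".." segments, then confirm containment.
        Path resolved = DOC_ROOT.resolve(relative).normalize();
        if (!resolved.startsWith(DOC_ROOT)) return Verdict.REJECT;

        // Match the script extension case-insensitively so ".jsP" is routed to the
        // script handler and never handed out as a static file.
        String name = resolved.getFileName().toString().toLowerCase(Locale.ROOT);
        return name.endsWith(".jsp") ? Verdict.SCRIPT : Verdict.STATIC;
    }

    public static void main(String[] args) {
        // Constructed request paths; the second and third use the patterns from the CVE text.
        String[] samples = {
            "/index.jsp", "/index.jsP", "/%2e%2e%5c%2e%2e%5cetc/passwd", "/css/site.css"
        };
        for (String s : samples) {
            System.out.println(classify(s) + "  " + s);
        }
    }
}
```

Run against a packaged version, the same four request paths make a quick regression check for the question asked in this message.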


More information about the pkg-java-maintainers mailing list