CVE-2009-1523 Medium Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

CVE-2009-1523 - Medium Severity Vulnerability

Vulnerable Libraries - jetty-util-6.1.7.jar, jetty-6.1.7.jar

jetty-util-6.1.7.jar

Utility classes for Jetty

path: null

Library home page: http://jetty.mortbay.org

Dependency Hierarchy:

• ❌ jetty-util-6.1.7.jar (Vulnerable Library)

jetty-6.1.7.jar

Jetty server core

path: null

Library home page: http://jetty.mortbay.org

Dependency Hierarchy:

• ❌ jetty-6.1.7.jar (Vulnerable Library)

Vulnerability Details

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Publish Date: 2009-05-05

URL: CVE-2009-1523

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: http://www.securitytracker.com/id?1022563

Release Date: 2017-12-31

Fix Resolution: The vendor has issued a fix, described in their July 2009 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

---

Step up your Open Source Security Game with WhiteSource here