| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALGRrrG7EQFYCYsFQG1ftXaWvuaQ_cdV7rNRaV86TMoB_mTUVg@mail.gmail.com> Date: Thu, 23 Aug 2018 10:00:26 +0100 From: Simon Waters <simon.waters@...evine.com> To: 1n3@...hmail.com Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] Jetty 6.1.6 Cross-Site Scripting (XSS) On Tue, 21 Aug 2018 at 18:15, 1n3--- via Fulldisclosure < fulldisclosure@...lists.org> wrote: > Title: Jetty 6.1.6 Cross-Site Scripting > Date: 8/14/2018 > Author: 1N3@...wdShield - https://crowdshield.com > Software Link: http://www.mortbay.org/jetty/ > Tested on: Jetty 6.1.6 (other versions may also be vulnerable) > CVE: N/A > > Background: Jetty 6.1.6 is vulnerable to Cross-Site Scripting (XSS) > which allows an attacker to inject malicious code into the affected > site. > > An attacker can trigger the exploit by appending the following > payload to an affected web server which has an open directory listing > enabled (https://victim.com//..;/">"). > > Is this CVE-2009-1524? If so fixed in 6.1.17, April 2009. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists