We found results for “”
CVE-2016-4800
Good to know:
Date: April 13, 2017
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Language: Java
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
Upgrade Version
Upgrade to version org.eclipse.jetty:jetty-server:9.3.9.M0,org.eclipse.jetty:jetty-util:9.3.9.M0,org.eclipse.jetty:jetty-runner:9.3.9.M0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |