| Date | ID | Exploitable | Severity | Affects | Fixed Version | Comment |
|---|---|---|---|---|---|---|
| 1/7/2009 | JETTY-1042 | low | high | <=6.1.18, <=7.0.0.M4 | 6.1.19, 7.0.0.Rc0 | Cookie leak between requests sharing a connection |
| 30/04/2009 | CERT402580 | medium | high | <=6.1.16, <=7.0.0.M2 | 5.1.15, 6.1.18, 7.0.0.M2 JETTY-1004 | View arbitrary disk content in some specific configurations |
| 22/12/2007 | CVE-2007-6672/CERT553235 | high | medium | 6.1.rrc0-6.1.6 | 6.1.7 see JETTY-386 | Static content visible in WEB-INF and past security constraints |
| 5/11/2007 | CVE-2007-5614/CERT438616 | low | low | <6.1.6 | 6.1.6rc1 (patch in CVS for jetty5) | Single quote in cookie name |
| 5/11/2007 | CVE-2007-5613/CERT237888 | low | low | <6.1.6 | 6.1.6rc1 (patch in CVS for jetty5) | XSS in demo dump servlet |
| 3/10/2007 | CVE-2007-5615/CERT21284 | medium | medium | <6.1.6 | 6.1.6rc0 (patch in CVS for jetty5) | CRLF response splitting |
| 22/11/2006 | CVE-2006-6969 | low | high | <6.1.0, <6.0.2, <5.1.12, <4.2.27 | 6.1.0pre3, 6.0.2, 5.1.12, 4.2.27 | Session ID predictability |
| 1/6/2006 | CVE-2006-2759 | medium | medium | 6.0.*<6.0.0Beta17 | 6.0.0Beta17 | JSP source visibility |
| 5/1/2006 |  | medium | medium | <5.1.10 | 5.1.10 | Fixed // security constraint bypass on Windows |
| 18/11/2005 | CVE-2006-2758 | medium | medium | <5.1.6 | 5.1.6, 6.0.0Beta4 | JSP source visibility |
| 4/2/2004 | JSSE 1.0.3_01 | medium | medium | <4.2.7 | 4.2.7 | Upgraded JSSE to obtain downstream security fix |
| 22/9/2002 |  | high | high | <4.1.0 | 4.1.0 | Fixed CGI servlet remove exploit |
| 12/3/2002 |  | medium |  | <3.1.7 | 4.0.RC2, 3.1.7 | Fixed // security constraint bypass |
| 21/10/2001 |  | medium |  | <3.1.3 | 3.1.3 | Fixed trailing null security constraint bypass |
