[MAVEN:GHSA-966R-962G-2JQ5] Mortbay Jetty CRLF Injection Vulnerability

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Package	Affected Version
pkg:maven/org.mortbay.jetty/jetty	< 6.1.6rc0

Package	Fixed Version
pkg:maven/org.mortbay.jetty/jetty	= 6.1.6rc0

ID

MAVEN:GHSA-966R-962G-2JQ5

Severity

moderate

URL

https://github.com/advisories/GHSA-966r-962g-2jq5

Published

2022-05-01T18:35:01
(2 years ago)

Modified

2023-09-21T23:12:43
(12 months ago)

Rights

Maven Security Team

Other Advisories

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2007-5615
			https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
			https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
			http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
			http://www.kb.cert.org/vuls/id/212984
			https://github.com/jetty-project/codehaus-jetty6/commit/0d2592ea3183914163d0921e4855bd3e18582a05
			https://web.archive.org/web/20071007232422/http://svn.codehaus.org:80/jetty/jetty/trunk/VERSION.txt
			https://web.archive.org/web/20150112202621/http://www.securityfocus.com/bid/26696
			https://github.com/advisories/GHSA-966r-962g-2jq5

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.mortbay.jetty/jetty	org.mortbay.jetty	jetty	< 6.1.6rc0
Fixed	pkg:maven/org.mortbay.jetty/jetty	org.mortbay.jetty	jetty	= 6.1.6rc0

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date