diff options
| author | remko <remko@FreeBSD.org> | 2007-12-10 15:00:05 +0800 |
|---|---|---|
| committer | remko <remko@FreeBSD.org> | 2007-12-10 15:00:05 +0800 |
| commit | 1d718928f5fca5a255d52bd778f58b6f33f2bedf (patch) | |
| tree | 69890dce41d12d9264fb81532efabafcd49e8f9c /security | |
| parent | d07170a331e6a8db23daa28e1fb0784c045089fe (diff) | |
| download | freebsd-ports-gnome-1d718928f5fca5a255d52bd778f58b6f33f2bedf.tar.gz freebsd-ports-gnome-1d718928f5fca5a255d52bd778f58b6f33f2bedf.tar.zst freebsd-ports-gnome-1d718928f5fca5a255d52bd778f58b6f33f2bedf.zip | |
Document jetty - multiple vulnerabilities
PR: ports/118524
Submitted by: Nick Barkas <snb at threerings dot net>
with minor modifications by me
Approved by: portmgr (secteam blanket)
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8ba13657f418..69b309f2a415 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,50 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6ae7cef2-a6ae-11dc-95e6-000c29c5647f"> + <topic>jetty -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jetty</name> + <range><lt>6.1.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <blockquote cite="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5613"> + <p>Cross-site scripting (XSS) vulnerability in Dump Servlet in + Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject + arbitrary web script or HTML via unspecified parameters and + cookies.</p> + </blockquote> + <blockquote cite="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5614"> + <p>Mortbay Jetty before 6.1.6rc1 does not properly handle "certain + quote sequences" in HTML cookie parameters, which allows remote + attackers to hijack browser sessions via unspecified vectors.</p> + </blockquote> + <blockquote cite="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5615"> + <p>CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 + allows remote attackers to inject arbitrary HTTP headers and + conduct HTTP response splitting attacks via unspecified vectors. + </p> + </blockquote> + </body> + </description> + <references> + <certvu>237888</certvu> + <certvu>212984</certvu> + <certvu>438616</certvu> + <cvename>CVE-2007-5613</cvename> + <cvename>CVE-2007-5614</cvename> + <cvename>CVE-2007-5615</cvename> + <url>http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt</url> + </references> + <dates> + <discovery>2007-12-05</discovery> + <entry>2007-12-10</entry> + </dates> + </vuln> + <vuln vid="821afaa2-9e9a-11dc-a7e3-0016360406fa"> <topic>liveMedia -- DoS vulnerability</topic> <affects> |