CVE-2002-1533
Jetty Javascript Inclusion Vulnerability
EPSS 5.2%
Description
Cross-site scripting (XSS) vulnerability in the Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (`%0a`).
How to fix CVE-2002-1533
To remediate CVE-2002-1533, upgrade the affected package to the fixed version listed below.
- Maven/org.mortbay.jetty:jetty: upgrade to 4.1.1 or later
Is CVE-2002-1533 being exploited?
Moderate — EPSS is 5.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.mortbay.jetty:jetty: from 0, < 4.1.1
References (4)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2002-1533
- WEB: web.archive.org/web/20040705203137/http://xforce.iss.net/xforce/xfdb/10219
- WEB: web.archive.org/web/20041213153950/http://archives.neohapsis.com/archives/bugtraq/2002-09/0337.html
- WEB: web.archive.org/web/20061020173202/http://www.securityfocus.com/bid/5821