CVE-2005-3747 — Mortbay Jetty Discloses JSP Source Code

Description

Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (`%5C`) characters. NOTE: this might be the same issue as CVE-2006-2758.

How to fix CVE-2005-3747

To remediate CVE-2005-3747, upgrade the affected package to a fixed version below.

Maven/org.mortbay.jetty:jetty—upgrade to 5.1.6 or later

Is CVE-2005-3747 being exploited?

Moderate — EPSS is 19.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 5.1.6

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2005-3747
WEBsourceforge.net/project/shownotes.php?release_id=372086&group_id=7322
WEBwww.securityfocus.com/archive/1/450315/100/0/threaded
WEBwww.securityfocus.com/bid/15515