CVE-2006-2758 — Jetty Directory Traversal Vulnerability

Description

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a `%2e%2e%5c` (encoded `../`) in the URL. NOTE: this might be the same issue as CVE-2005-3747.

How to fix CVE-2006-2758

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.mortbay.jetty:jetty—no fix listed

Is CVE-2006-2758 being exploited?

Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 6.0.beta16

References (3)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2006-2758
PATCHgithub.com/jetty-project/codehaus-jetty6
WEBweb.archive.org/web/20200302050157/http://securitytracker.com/id?1016168