CVE-2007-5614
Improper Authentication in Mortbay Jetty
7.3
HIGH
CVSS 3.1
EPSS 3.5%
Description
Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.
How to fix CVE-2007-5614
To remediate CVE-2007-5614, upgrade the affected package to a fixed version below.
- Maven/org.mortbay.jetty:jetty—upgrade to 6.1.6 or later
Is CVE-2007-5614 being exploited?
Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 6.1.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |