CVE-2009-1523 — Directory traversal in Mort Bay Jetty

Description

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

How to fix CVE-2009-1523

To remediate CVE-2009-1523, upgrade the affected package to a fixed version below.

Maven/org.mortbay.jetty:jetty—upgrade to 6.1.17 or later

Is CVE-2009-1523 being exploited?

Moderate — EPSS is 12.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 6.1.17

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (15)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-1523
WEBitrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
WEBjira.codehaus.org/browse/JETTY-1004
WEBbugzilla.redhat.com/show_bug.cgi?id=499867
WEB