CVE-2009-1523: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
(updated )
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
References
- itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
- jira.codehaus.org/browse/JETTY-1004
- www.kb.cert.org/vuls/id/402580
- www.kb.cert.org/vuls/id/CRDY-7RKQCY
- www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
- www.securityfocus.com/bid/34800
- www.securityfocus.com/bid/35675
- www.securitytracker.com/id?1022563
- www.vupen.com/english/advisories/2009/1900
- www.vupen.com/english/advisories/2010/1792
- bugzilla.redhat.com/show_bug.cgi?id=499867
- github.com/advisories/GHSA-9986-w5h5-vw59
- nvd.nist.gov/vuln/detail/CVE-2009-1523
- www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
- www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
- www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
Code Behaviors & Features
Detect and mitigate CVE-2009-1523 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →