CVE-2006-2759

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

Published: Jun 2, 2006
Updated: May 9, 2024
CVE: CVE-2006-2759
GHSA: GHSA-mq4x-8whh-jx73
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
jetty / jetty	6.0_beta_16	6.0_beta_16.x
org.mortbay.jetty / jetty	-	6.0.0

http://securitytracker.com/id?1016168
https://www.eclipse.org/jetty/about.php

Vulnerability Database

289,598

CVE-2006-2759