Red Hat Bugzilla – Bug 428016
CVE-2007-6672 Jetty directory traversal
Last modified: 2010-12-22 18:45:21 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6672 to the following vulnerability:
Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read arbitrary files via directory traversal sequences in the URI, as demonstrated by files in WEB-INF, related to improper handling of consecutive '/' (slash) characters.
The version of Jetty in Fedora is jetty5, not jetty6. From the information
provided, it is only 6.1.5 and 6.1.6 and thus does not apply. This bug should
be closed. I will do so if I do not hear a reply as to why it should not be closed.
Reporter changed to firstname.lastname@example.org by request of Jay Turner.
Current Fedora has 6.1.21 or newer which is not affected by this flaw.