Bug 428016 - (CVE-2007-6672) CVE-2007-6672 Jetty directory traversal
Product: Security Response
Classification: Other
Component: vulnerability
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 428017 428018
Reported: 2008-01-08 13:02 EST by Red Hat Product Security
Modified: 2010-12-22 18:45 EST
Doc Type: Bug Fix
Last Closed: 2010-12-22 18:45:21 EST

Description Lubomir Kundrak 2008-01-08 13:02:08 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6672 to the following vulnerability:

Directory traversal vulnerability in Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read arbitrary files via directory traversal sequences in the URI, as demonstrated by files in WEB-INF, related to improper handling of consecutive '/' (slash) characters.


Comment 2 Jeff Johnston 2008-04-08 19:31:16 EDT
The version of jetty in Fedora is jetty5, not jetty6. From the information
provided, it is only 6.1.5 and 6.1.6 and thus does not apply. This bug should
be closed. I will do so if I do not hear a reply as to why it should not be closed.

Comment 4 Red Hat Bugzilla 2009-10-23 15:04:11 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.

Comment 5 Vincent Danen 2010-12-22 18:45:21 EST
Current Fedora has 6.1.21 or newer which is not affected by this flaw.
