Fedora Account System
Red Hat Associate
Red Hat Customer
"Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors." http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5614 lists 5.1 as an affected version.
jetty-5.1.14-1jpp.1.fc8 has been submitted as an update for Fedora 8
jetty-5.1.14-1jpp.2.fc9 has been submitted as an update for Fedora 9
jetty-5.1.14-1jpp.2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
jetty-5.1.14-1jpp.1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6164 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6141