CVE-2007-5614

high

Description

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

References

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html

http://www.securityfocus.com/bid/26695

http://www.kb.cert.org/vuls/id/438616

http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt

http://secunia.com/advisories/35143

http://secunia.com/advisories/30941

http://secunia.com/advisories/27925

http://osvdb.org/42496

Details

Source: Mitre, NVD

Published: 2007-12-05

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L