Vulnerabilities > CVE-2002-1178 - Unspecified vulnerability in Jetty Http Server

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jetty

exploit available

NVD

Published: 2002-10-11

Updated: 2016-10-18

Summary

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

Vulnerable Configurations

Part	Description	Count
Application	Jetty Jetty Jetty Http Server *	1

Exploit-Db

description	Jetty 3.1.6/3.1.7/4.1 Servlet Engine Arbitrary Command Execution Vulnerability. CVE-2002-1178. Webapps exploit for cgi platform
id	EDB-ID:21895
last seen	2016-02-02
modified	2002-10-02
published	2002-10-02
reporter	Matt Moore
source	https://www.exploit-db.com/download/21895/
title	Jetty 3.1.6/3.1.7/4.1 Servlet Engine Arbitrary Command Execution Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References