Mortbay Jetty 6.1.5 and 6.1.6 allow remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
Jetty is prone to an information-disclosure vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to view private directories or files within the context of the webserver process. Information obtained may lead to other attacks. This issue affects Jetty 6.1.5 and 6.1.6.
The vendor released an update to address this issue. Please see the references for more information.

Jetty Jetty 6.1.6
    Cuyahoga jetty-6.1.7.zip
    http://dist.codehaus.org/jetty/jetty-6.1.7/jetty-6.1.7.zip

Jetty Jetty 6.1.5
    Cuyahoga jetty-6.1.7.zip
    http://dist.codehaus.org/jetty/jetty-6.1.7/jetty-6.1.7.zip
Attackers can exploit this vulnerability with a browser.
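
Because the trigger is an ordinary HTTP request, it leaves a trace in the access log. The following is an added example, not part of the original advisory or of Jetty: a log review script that flags request paths containing runs of '/' characters. It assumes NCSA-style log lines, uses constructed sample entries, and also decodes percent-encoded slashes, which goes beyond the literal case the advisory describes.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside an NCSA-style access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
REPEATED_SLASH_RE = re.compile(r"/{2,}")


def request_path(target):
    """Return the decoded path of a request target, without query or authority."""
    if target.startswith("/"):
        # origin-form: strip the query by hand, because urlsplit would read a
        # leading "//" as the start of an authority component
        path = target.split("?", 1)[0].split("#", 1)[0]
    else:
        # absolute-form (http://host/path): let urlsplit drop scheme and host
        path = urlsplit(target).path
    return unquote(path)


def has_repeated_slashes(target):
    """True when the decoded path contains two or more consecutive slashes."""
    return bool(REPEATED_SLASH_RE.search(request_path(target)))


def flag_lines(lines):
    """Return (line_number, target) for every entry whose path has slash runs."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_repeated_slashes(match.group("target")):
            hits.append((number, match.group("target")))
    return hits


# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "GET //docs//report.html HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "GET /search?next=http://example.com/ HTTP/1.1" 200 300',
    '192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "GET http://www.example.com/a/b HTTP/1.1" 200 128',
    '192.0.2.14 - - [01/Jan/2008:10:00:15 +0000] "GET /static/%2F/logo.png HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target in flag_lines(SAMPLE_LOG):
        print(f"line {number}: repeated slashes in {target}")
```

Slashes in the query string and in the scheme of an absolute-form request target are ignored, so redirect parameters and proxy-style requests do not produce false hits.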