Directory Traversal Vulnerability in Jetty HTTP Server's CGIServlet
CVE-2002-1178

Currently unrated

Key Information:

Vendor: Jetty
Status: Jetty Http Server
Vendor: CVE Published:; 11 October 2002

What is CVE-2002-1178?

The Jetty HTTP server's CGIServlet component is susceptible to a directory traversal vulnerability that allows remote attackers to execute arbitrary commands. By exploiting this vulnerability, an attacker can manipulate HTTP requests to include '..' sequences that can navigate the file system. This could lead to unauthorized access and command execution on the server, posing a significant risk to the integrity and confidentiality of the system.

References

http://www.iss.net/security_center/static/10246.php

vdb-entryx_refsource_XF

http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt

x_refsource_MISC

http://groups.yahoo.com/group/jetty-announce/message/45

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 11, 2002
Vulnerability Reserved
Oct 3, 2002