Remote Code Exposure in Jetty 6.0.x by Eclipse Foundation
CVE-2006-2759

Currently unrated

Key Information:

Vendor: Jetty
Status: Jetty
Vendor: CVE Published:; 2 June 2006

What is CVE-2006-2759?

Jetty 6.0.x (jetty6) beta16 is vulnerable to a security flaw that enables remote attackers to expose and read arbitrary script source code. This occurs when the .jsp file extension is manipulated with a capital 'P', which can also affect other mixed case manipulations. The vulnerability could lead to unauthorized disclosure of sensitive information, emphasizing the need for effective security measures.

References

http://securitytracker.com/id?1016168

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 2, 2006