Session Hijacking Vulnerability in Mortbay Jetty by Software Vendor
CVE-2007-5614

Currently unrated

Key Information:

Vendor: Mortbay Jetty
Status: Jetty
Vendor: CVE Published:; 5 December 2007

What is CVE-2007-5614?

The vulnerability in Mortbay Jetty versions prior to 6.1.6rc1 arises from improper handling of certain quote sequences within HTML cookie parameters. This flaw can be exploited by remote attackers to hijack browser sessions, leading to unauthorized access and potential data compromise. This vulnerability underscores the importance of rigorous input validation and the necessity for timely updates to mitigate associated risks.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/30941

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 5, 2007
Vulnerability Reserved
Oct 21, 2007