CRLF Injection in Mortbay Jetty Affects Multiple Versions
CVE-2007-5615

Currently unrated

Key Information:

Vendor: Mortbay Jetty
Status: Jetty
Vendor: CVE Published:; 5 December 2007

What is CVE-2007-5615?

The CRLF injection vulnerability in Mortbay Jetty allows attackers to inject arbitrary HTTP headers, leading to potential HTTP response splitting attacks. This exploit can manipulate the server's response, potentially redirecting users or injecting malicious content into the response stream. Affected versions prior to 6.1.6rc0 remain at risk if not patched. It is crucial for users and administrators to review their Jetty configurations and ensure they are operating on a secure version to mitigate this risk.

References

http://osvdb.org/42495

vdb-entryx_refsource_OSVDB

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Dec 5, 2007
Vulnerability Reserved
Oct 21, 2007