Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3577
HistoryOct 03, 2002 - 12:00 a.m.

wp-02-0011: Jetty CGIServlet Arbitrary Command Execution

2002-10-0300:00:00
vulners.com
43
JSON

Westpoint Security Advisory

Title: Jetty CGIServlet Arbitrary Command Execution
Risk Rating: Medium
Software: Jetty Servlet Container
Platforms: Win32 (other platforms not tested)
Vendor URL: www.mortbay.org
Author: Matt Moore <[email protected]>
Date: 1st October 2002
Advisory ID#: wp-02-0011.txt

Overview:

Jetty is a 100% Java HTTP Server and Servlet Container. A flaw
in the CGIServlet allows an attacker to execute arbitrary commands
on the server.

Details:

Commands can be executed on the server by making requests like:

http://jetty-server:8080/cgi-bin/..&#92;..&#92;..&#92;..&#92;..&#92;..&#92;winnt/notepad.exe

Patch / Workaround Information:

The vendor responded quickly and has released a fixed version, 4.1.0
which can be downloaded from http://jetty.mortbay.org

Excerpt from Vendor announcement at:

http://groups.yahoo.com/group/jetty-announce/message/45

'4.1.0 also contains a priority security fix for the CGI servlet
running on windows platforms. This remotely exploitable problem
effects all previous versions of Jetty that use the CGI servlet
on windows without a permissions file configured for the context.
The CGI servlet from 4.1.0 may be used in 4.0 releases.'

This advisory is available online at:

http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt

JSON