PT-2016-6148 · Eclipse · Eclipse Jetty

Published: 2016-06-03 · Updated: 2020-10-20 · CVE-2016-4800

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.3.x through 9.3.8

Description: A path normalization flaw in the PathResource class allows remote attackers to bypass security constraints by using URLs that contain specific escaped characters, notably backslashes, on Windows systems.

Recommendations: For Eclipse Jetty versions 9.3.x through 9.3.8, update to version 9.3.9 or later to resolve the issue.
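The flaw described above is a canonicalization-before-authorization problem: the security constraint is matched against one form of the path while the file system resolves another. The example below is added here and is not Jetty's code or the PathResource fix; it shows a naive prefix check beside a hardened one that first canonicalizes the request path (percent-decoding, treating backslashes as separators the way Windows does, and collapsing dot segments) and refuses paths that escape the root. The protected prefix and the sample request paths are constructed for the illustration.

```python
"""Canonicalize a request path before applying a security constraint.

Added example, not Jetty's code. The protected prefix, the sample requests
and the Windows-style separator handling are constructed assumptions.
"""
from urllib.parse import unquote

PROTECTED_PREFIX = "/protected/"   # constructed: the constrained resource tree


def naive_is_protected(raw_path: str) -> bool:
    """Matches the raw request path only; an escaped or backslash
    variant of the same resource never matches the prefix."""
    return raw_path.startswith(PROTECTED_PREFIX)


def canonicalize(raw_path: str) -> str:
    """Return the form the resource resolver would actually see.

    Percent-decodes until stable (so a doubly encoded separator cannot
    survive), maps backslashes to forward slashes as a Windows file system
    would, drops empty and "." segments and resolves "..". Raises
    ValueError for control characters or for a path that climbs above
    the root; a constraint check should refuse such requests outright.
    """
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many encoding layers")
    if any(ord(c) < 0x20 for c in path):
        raise ValueError("control character in path")
    path = path.replace("\\", "/")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                raise ValueError("path escapes root")
            segments.pop()
        else:
            segments.append(seg)
    return "/" + "/".join(segments)


def hardened_is_protected(raw_path: str) -> bool:
    """Apply the constraint to the canonical path. Anything that does
    not canonicalize cleanly is treated as protected (fail closed)."""
    try:
        canonical = canonicalize(raw_path)
    except ValueError:
        return True
    return canonical == PROTECTED_PREFIX.rstrip("/") or canonical.startswith(PROTECTED_PREFIX)


# Constructed sample requests: plain, escaped-backslash and mixed forms
SAMPLE_REQUESTS = [
    "/protected/secret.txt",
    "/protected%5Csecret.txt",
    "/public/..%5Cprotected/secret.txt",
    "/public/index.html",
]


def compare_checks(requests=SAMPLE_REQUESTS):
    """Return {request: (naive_result, hardened_result)} for each sample."""
    return {r: (naive_is_protected(r), hardened_is_protected(r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, hardened) in compare_checks().items():
        print(f"{req:40} naive={naive!s:5} hardened={hardened}")
```

The hardened check deliberately errs toward over-matching: decoding more layers than the resolver does can only widen what is treated as protected, whereas matching on the raw URI, as the naive check does, lets an escaped separator slip a protected resource past the constraint.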

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2016-4800
GHSA-872G-2H8H-362Q
ZDI-16-362

Affected Products

Eclipse Jetty