漏洞信息详情
Jetty Cookie Names Session Hijacking 漏洞
- CNNVD编号:CNNVD-200712-047
- 危害等级: 高危
![图片[1]-Jetty Cookie Names Session Hijacking 漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-09-08/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2007-5614
- 漏洞类型:
设计错误
- 发布时间:
2007-12-05
- 威胁类型:
远程
- 更新时间:
2009-06-10
- 厂 商:
mortbay_jetty - 漏洞来源:
Tomasz Kuczynski r… -
漏洞简介
Mortbay Jetty 不能正确处理HTML cookie参数中的\”特定引用序列\” ,远程攻击者可以借助未明向量攻击浏览工具会谈。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Jetty Jetty 6.1.4
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.3
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.1
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.5
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.2
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.0pre2
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.1.0pre3
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 3.1.6
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 3.1.7
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.1 .0RC4
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.1 .0
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.1.1
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.11
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.12
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.14
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.15
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.16
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.17
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.18
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.19
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.24
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.27
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.4
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.5
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.6
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.7
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 4.2.9
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 5.1.11
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 5.1.12
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 5.15
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 5.16
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.0.1
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
Jetty Jetty 6.0.2
Jetty jetty-6.1.6.zip
http://dist.codehaus.org/jetty/jetty-6.1.6/jetty-6.1.6.zip
参考网址
来源: US-CERT
名称: VU#438616
链接:http://www.kb.cert.org/vuls/id/438616
来源: FEDORA
名称: FEDORA-2008-6164
链接:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html
来源: FEDORA
名称: FEDORA-2008-6141
链接:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
来源: svn.codehaus.org
链接:http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
来源: SECUNIA
名称: 35143
链接:http://secunia.com/advisories/35143
来源: SECUNIA
名称: 30941
链接:http://secunia.com/advisories/30941
来源: OSVDB
名称: 42496
来源: BID
名称: 26695
链接:http://www.securityfocus.com/bid/26695
来源: SECUNIA
名称: 27925
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
