CVE-2002-1533

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).

Published Bycve@mitre.org

Published DateMar 31, 2003, 05:00

Affected Versions(1)

org.mortbay.jetty:jetty(Maven)

Introduced0

Fixed4.1.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.mortbay.jetty:jetty(Maven)	0	4.1.1	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE