CVE-2016-4800

Published: 13 April 2017

The path normalization mechanism in the PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: jetty (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (jetty 9.3.x only)
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable (jetty 9.3.x only)

Package: jetty8 (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Not vulnerable (jetty 9.3.x only)
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (jetty 9.3.x only)
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable (jetty 9.3.x only)

Package: jetty9 (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Released (9.3.9)
Ubuntu 16.04 ESM (Xenial Xerus)    Not vulnerable (jetty 9.3.x only)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist