Moderate severityNVD Advisory· Published Jan 8, 2008· Updated Apr 23, 2026
CVE-2007-6672
CVE-2007-6672
Description
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' (slash) characters in the URI.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.mortbay.jetty:jettyMaven | >= 6.1.5, < 6.1.7 | 6.1.7 |
Affected products
2cpe:2.3:a:mortbay_jetty:jetty:6.1.5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mortbay_jetty:jetty:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mortbay_jetty:jetty:6.1.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- secunia.com/advisories/28322nvdVendor Advisory
- github.com/advisories/GHSA-4jjw-xrr6-9v3pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2007-6672ghsaADVISORY
- www.kb.cert.org/vuls/id/553235nvdUS Government Resource
- web.archive.org/web/20080113051254/http://www.kb.cert.org/vuls/id/553235ghsaWEB
- web.archive.org/web/20080120225723/http://jira.codehaus.org/browse/JETTY-386ghsaWEB
- web.archive.org/web/20080120225728/http://jira.codehaus.org/browse/JETTY/fixforversion/13950ghsaWEB
- web.archive.org/web/20080517012615/http://www.securityfocus.com/bid/27117ghsaWEB
- jira.codehaus.org/browse/JETTY-386nvd
- jira.codehaus.org/browse/JETTY/fixforversion/13950nvd
- osvdb.org/39855nvd
- secunia.com/advisories/28547nvd
- www.igniterealtime.org/community/message/163752nvd
- www.securityfocus.com/bid/27117nvd
- www.vupen.com/english/advisories/2008/0079nvd
News mentions
0No linked articles in our index yet.