Critical severity 9.8 · NVD Advisory · Published Apr 13, 2017 · Updated May 13, 2026
CVE-2016-4800
Description
The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty:jetty-server (Maven) | >= 9.3.0, < 9.3.9 | 9.3.9 |
Patches
No patches discovered yet.
References
- dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html [nvd] Patch, Vendor Advisory, WEB
- www.ocert.org/advisories/ocert-2016-001.html [nvd] Mitigation, Patch, Third Party Advisory, WEB
- www.securityfocus.com/bid/90945 [nvd] Third Party Advisory, VDB Entry, WEB
- www.zerodayinitiative.com/advisories/ZDI-16-362 [nvd] Third Party Advisory, VDB Entry, WEB
- github.com/advisories/GHSA-872g-2h8h-362q [ghsa] ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-4800 [ghsa] ADVISORY
- security.netapp.com/advisory/ntap-20190307-0006 [ghsa] WEB
- www.oracle.com/security-alerts/cpuoct2020.html [nvd] WEB
- security.netapp.com/advisory/ntap-20190307-0006/ [nvd]