Critical severity 9.8 · NVD Advisory · Published Apr 13, 2017 · Updated Jun 17, 2026
CVE-2016-4800
Description
The path normalization mechanism in the PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.eclipse.jetty:jetty-server (Maven) | >= 9.3.0, < 9.3.9 | 9.3.9 |
Affected products
- cpe:2.3:a:eclipse:jetty:9.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.0:m0:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.0:m1:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*
References
- dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html (nvd; Patch, Vendor Advisory; WEB)
- www.ocert.org/advisories/ocert-2016-001.html (nvd; Mitigation, Patch, Third Party Advisory; WEB)
- www.securityfocus.com/bid/90945 (nvd; Third Party Advisory, VDB Entry; WEB)
- www.zerodayinitiative.com/advisories/ZDI-16-362 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-872g-2h8h-362q (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-4800 (ghsa; ADVISORY)
- security.netapp.com/advisory/ntap-20190307-0006 (ghsa; WEB)
- www.oracle.com/security-alerts/cpuoct2020.html (nvd; WEB)
- security.netapp.com/advisory/ntap-20190307-0006/ (nvd)