=====================================================================
                            CERT-Renater

                 Information Note No. 2007/VULN484
_____________________________________________________________________

DATE                 : 05/12/2007

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Mortbay Jetty.

======================================================================
http://www.kb.cert.org/vuls/id/212984
http://www.kb.cert.org/vuls/id/438616
http://www.kb.cert.org/vuls/id/237888
______________________________________________________________________

US-CERT Vulnerability Note VU#212984

Mortbay Jetty vulnerable to HTTP response splitting

Overview

Mortbay Jetty is vulnerable to HTTP response splitting, which may allow a remote, unauthenticated attacker to inject various HTTP headers.

I. Description

Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle HTTP headers with CRLF sequences, which can allow an attacker to inject certain HTTP headers into server responses.

II. Impact

A remote, unauthenticated attacker may be able to perform a cross-site scripting attack, set cookies, or poison a proxy cache.

III. Solution

Apply an update

This issue is addressed in Mortbay Jetty 6.1.6 [2]. Details are available in the release notes [1].

Systems Affected

Vendor      Status        Date Updated
Mort Bay    Vulnerable    4-Dec-2007

References

[1] http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
[2] http://dist.codehaus.org/jetty/jetty-6.1.6/

Credit

Thanks to Tomasz Kuczynski for reporting this vulnerability.

This document was written by Will Dormann.

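As an added illustration of the CRLF handling described in VU#212984 (not code from Jetty or from the advisory), the following plain-Java check refuses control characters in header names and values before a header line is built. The class and method names are hypothetical and the inputs are constructed.

```java
/** Added example: reject CR/LF and other control characters in response
 *  headers. HeaderGuard and its methods are hypothetical names. */
public class HeaderGuard {

    /** True if s contains CR, LF, NUL or any other control character except HTAB. */
    static boolean hasControlChars(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if ((c < 0x20 && c != '\t') || c == 0x7f) return true;
        }
        return false;
    }

    /** Builds one header line, or throws if name or value could start a new line. */
    static String headerLine(String name, String value) {
        if (name.isEmpty() || hasControlChars(name)
                || name.indexOf(':') >= 0 || name.indexOf(' ') >= 0)
            throw new IllegalArgumentException("illegal header name");
        if (hasControlChars(value))
            throw new IllegalArgumentException("control character in value of " + name);
        return name + ": " + value + "\r\n";
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal redirect target and one carrying a CRLF.
        String[] targets = { "/home", "/home\r\nSet-Cookie: sid=constructed" };
        for (String t : targets) {
            // Unchecked concatenation: count the header lines one "value" produces.
            int lines = ("Location: " + t + "\r\n").split("\r\n").length;
            try {
                headerLine("Location", t);
                System.out.println("accepted, unchecked lines=" + lines);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected (" + e.getMessage()
                        + "), unchecked lines=" + lines);
            }
        }
    }
}
```

The second input yields two header lines when concatenated unchecked, which is the condition the check rejects.
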
Other Information

Date Public             03/11/2007
Date First Published    04/12/2007 13:21:11
Date Last Updated       03/12/2007
CERT Advisory
CVE Name                CVE-2007-5615
Metric                  4.41
Document Revision       3

_______________________________________________________________________

US-CERT Vulnerability Note VU#438616

Mortbay Jetty fails to properly handle cookies with quotes

Overview

Mortbay Jetty fails to properly handle cookie quotes, which may allow session hijacking.

I. Description

Mortbay Jetty is a web server that is written in Java. Jetty fails to properly handle cookies with certain quote sequences. This can cause the Jetty cookie parsing mechanism to improperly handle all of the cookies in the cookie string that follow the cookie with the quote sequence.

II. Impact

This vulnerability can increase the likelihood of a successful session hijacking. In the presence of a cross-site scripting vulnerability, it may allow a denial-of-service attack against a web site by preventing a client from being able to log in using cookies.

III. Solution

Apply an update

This issue is addressed in Mortbay Jetty 6.1.6 [2]. Details are available in the release notes [1].

Systems Affected

Vendor      Status        Date Updated
Mort Bay    Vulnerable    4-Dec-2007

References

[1] http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
[2] http://dist.codehaus.org/jetty/jetty-6.1.6/

Credit

Thanks to Tomasz Kuczynski for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public             05/11/2007
Date First Published    04/12/2007 13:05:14
Date Last Updated       03/12/2007
CERT Advisory
CVE Name                CVE-2007-5614
Metric                  2.78
Document Revision       4

_____________________________________________________________________________

US-CERT Vulnerability Note VU#237888

Mortbay Jetty Dump Servlet vulnerable to cross-site scripting

Overview

The Mortbay Jetty Dump Servlet contains a cross-site scripting vulnerability.

I. Description

Mortbay Jetty is a web server that is written in Java.
The Dump Servlet that is included with Jetty is vulnerable to cross-site scripting. Note that according to the vendor, the Dump Servlet is for testing purposes and is not intended to be included in a live web site.

II. Impact

A remote, unauthenticated attacker may be able to perform a cross-site scripting attack against a Jetty web server. More information about cross-site scripting can be found in CERT Advisory CA-2000-02.

III. Solution

Apply an update

This issue is addressed in Mortbay Jetty 6.1.6 [3]. Details are available in the release notes [1].

Remove the Dump Servlet

This issue can be mitigated by removing the Dump Servlet from the web server.

Systems Affected

Vendor      Status        Date Updated
Mort Bay    Vulnerable    4-Dec-2007

References

[1] http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
[2] http://jira.codehaus.org/browse/JETTY-452
[3] http://dist.codehaus.org/jetty/jetty-6.1.6/

Credit

Thanks to Tomasz Kuczynski for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public             05/11/2007
Date First Published    04/12/2007 12:40:07
Date Last Updated       03/12/2007
CERT Advisory
CVE Name                CVE-2007-5613
Metric                  3.29
Document Revision       7

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital | fax : 01-53-94-20-41            +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================
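
For VU#438616 above, an added example (not Jetty's parser and not part of the advisory) of Cookie header parsing in which a malformed quoted value cannot affect the cookies that follow it. The advisory does not give the exact quote sequence, so the unbalanced quote in the constructed header is an assumption, and the class name is hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: parse a Cookie request header pair by pair.
 *  CookiePairs is a hypothetical name. */
public class CookiePairs {
    final Map<String, String> cookies = new LinkedHashMap<>();
    final List<String> malformed = new ArrayList<>();   // pairs worth logging

    CookiePairs(String header) {
        // RFC 6265 grammar: pairs are separated by ';' and a value may not
        // contain ';'. Split first, then look at quotes one pair at a time,
        // so a stray quote stays confined to its own pair.
        for (String raw : header.split(";")) {
            String pair = raw.trim();
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            if (eq <= 0) { malformed.add(pair); continue; }   // no name or no '='
            String name = pair.substring(0, eq).trim();
            String value = pair.substring(eq + 1).trim();
            // Strip quotes only when they are balanced around the whole value.
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\""))
                value = value.substring(1, value.length() - 1);
            // Any quote left over is malformed: record the pair and drop it.
            if (name.isEmpty() || value.indexOf('"') >= 0) { malformed.add(pair); continue; }
            cookies.putIfAbsent(name, value);   // design choice here: first occurrence wins
        }
    }

    public static void main(String[] args) {
        // Constructed header: the first cookie has an opening quote that never closes.
        String header = "theme=\"dark; JSESSIONID=constructed123; lang=\"en\"";
        CookiePairs p = new CookiePairs(header);
        System.out.println("cookies   = " + p.cookies);
        System.out.println("malformed = " + p.malformed);
    }
}
```

With the constructed header, JSESSIONID and lang are still parsed and only the theme pair is reported as malformed.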