=====================================================================
CERT-Renater Information Note No. 2008/VULN014
_____________________________________________________________________

DATE                  : 16/01/2008
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Systems running Mort Bay Jetty.
======================================================================

http://www.kb.cert.org/vuls/id/553235
______________________________________________________________________

Vulnerability Note VU#553235

Jetty fails to properly process URLs that contain double / characters

Overview

  The Jetty webserver contains a vulnerability that may allow an attacker to
  access private files or directories.

I. Description

  Jetty is a web server implemented in Java. Jetty contains a vulnerability
  that occurs because Jetty will process URLs with multiple / characters
  incorrectly. See the Jetty "Double slash problem" bug report for more
  information.

II. Impact

  A remote unauthenticated attacker may be able to view hidden or private
  files and directories.

III. Solution

  Upgrade
  Jetty version 6.1.7 has been released to address this issue.

  Filter URLs
  Until updates can be applied, administrators may be able to use an
  application firewall or reverse proxy server to filter "//" characters in
  URLs.

Systems Affected

  Vendor     Status       Date Updated
  Mort Bay   Vulnerable   3-Jan-2008

References

  http://jira.codehaus.org/browse/JETTY-386#action_117699
  http://jira.codehaus.org/browse/JETTY/fixforversion/13950
  http://www.visolve.com/squid/squid24s1/access_controls.php
  http://httpd.apache.org/docs/1.3/mod/mod_proxy.html
  http://secunia.com/advisories/28322/

Credit

  Thanks to Greg Wilkins for reporting this vulnerability and providing
  information that was used in this report.

  This document was written by Ryan Giobbi.
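The "Filter URLs" workaround from section III, as an added example that is not code from CERT-Renater, CERT/CC or Mort Bay: a Python reverse-proxy style check on the request line, plus the same check run over access-log lines for retrospective review. The log lines are constructed, and the request target is assumed to be in origin-form (path plus optional query string).

```python
"""Defensive filter for the double-slash condition in VU#553235 (added
example, not CERT-Renater, CERT/CC or Mort Bay code). It models the section
III workaround, filtering "//" in URLs, as a reverse-proxy check on the
request line and applies the same check to access-log lines for review.
Request targets are assumed to be origin-form (path plus optional query)."""

import re
from urllib.parse import unquote

REPEATED_SLASH = re.compile(r"/{2,}")
# Request part of a Common Log Format line: "METHOD target HTTP/x.y"
LOG_REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<version>HTTP/[\d.]+)"')

def has_repeated_slash(target: str) -> bool:
    """True if the path part of the request target contains two or more
    consecutive slashes. The check runs on the percent-decoded path so that
    an encoded slash (%2F) cannot slip past a filter for the literal string."""
    path = target.split("?", 1)[0]  # the query string is not part of the path
    return REPEATED_SLASH.search(unquote(path)) is not None

def filter_request(request_line: str) -> tuple[int, str]:
    """Reverse-proxy decision for one HTTP request line.
    Returns (status, reason): 400 to reject, 200 to pass the request through."""
    parts = request_line.split()
    if len(parts) != 3:
        return 400, "malformed request line"
    _method, target, _version = parts
    if has_repeated_slash(target):
        return 400, "repeated slash in path"
    return 200, "pass"

def flag_log_lines(log_text: str) -> list[str]:
    """Return the request targets of logged requests that carried a repeated
    slash in their path, for retrospective review of a Jetty access log."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_REQUEST.search(line)
        if m and has_repeated_slash(m.group("target")):
            flagged.append(m.group("target"))
    return flagged

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Jan/2008:10:00:01 +0100] "GET /index.html HTTP/1.1" 200 512
10.0.0.6 - - [16/Jan/2008:10:00:02 +0100] "GET //private/report.txt HTTP/1.1" 200 2048
10.0.0.7 - - [16/Jan/2008:10:00:03 +0100] "GET /app/%2F%2Fnotes.txt HTTP/1.1" 200 90
10.0.0.8 - - [16/Jan/2008:10:00:04 +0100] "GET /a/b?next=//c HTTP/1.1" 200 10
"""
```

Calling `flag_log_lines(SAMPLE_LOG)` returns the second and third targets only: the query-string case is left alone, while the percent-encoded form is caught because the path is decoded before the check.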
Other Information

  Date Public           28/12/2007
  Date First Published  03/01/2008 10:07:35
  Date Last Updated     09/01/2008
  CERT Advisory
  CVE Name              CVE-2007-6672
  Metric                2.64
  Document Revision     15
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER           | tel : 01-53-94-20-44      +
+ 151 bd de l'Hopital    | fax : 01-53-94-20-41      +
+ 75013 Paris            | email: certsvp@renater.fr +
=========================================================