Jetty 4.1 Servlet Engine - Cross-Site Scripting

Author: Skinnay
type: webapps
platform: jsp
port: 
date_added: 2002-09-28 
date_updated: 2012-10-10 
verified: 1 
codes: CVE-2002-1533;OSVDB-9209 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/5821/info

Jetty is a freely available, open source Java Web Server and Servlet Container. It is available for Linux, Unix, and Microsoft Windows platforms.

It has been reported that Jetty does not properly sanitize requests. This could result in a user clicking a malicious link that would execute script or HTML code in the security context of the site hosted by the Jetty server. An attacker could exploit this vulnerability to gain authentication cookies, or other sensitive information.

http://www.example.com/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp