Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash (%5C) characters. NOTE: this might be the same issue as CVE-2006-2758.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Jetty | Mortbay | * | 5.1.5 (including) |
| Jetty | Mortbay | 1.0 (including) | 1.0 (including) |
| Jetty | Mortbay | 1.0.1 (including) | 1.0.1 (including) |
| Jetty | Mortbay | 1.1 (including) | 1.1 (including) |
| Jetty | Mortbay | 1.1.1 (including) | 1.1.1 (including) |
| Jetty | Mortbay | 1.2.0 (including) | 1.2.0 (including) |
| Jetty | Mortbay | 1.3.0 (including) | 1.3.0 (including) |
| Jetty | Mortbay | 1.3.1 (including) | 1.3.1 (including) |
| Jetty | Mortbay | 1.3.2 (including) | 1.3.2 (including) |
| Jetty | Mortbay | 1.3.3 (including) | 1.3.3 (including) |
| Jetty | Mortbay | 1.3.4 (including) | 1.3.4 (including) |
| Jetty | Mortbay | 1.3.5 (including) | 1.3.5 (including) |
| Jetty | Mortbay | 2.0-alpha1 (including) | 2.0-alpha1 (including) |
| Jetty | Mortbay | 2.0-alpha2 (including) | 2.0-alpha2 (including) |
| Jetty | Mortbay | 2.0-beta1 (including) | 2.0-beta1 (including) |
| Jetty | Mortbay | 2.0-beta2 (including) | 2.0-beta2 (including) |
| Jetty | Mortbay | 2.0.0 (including) | 2.0.0 (including) |
| Jetty | Mortbay | 2.0.1 (including) | 2.0.1 (including) |
| Jetty | Mortbay | 2.0.2 (including) | 2.0.2 (including) |
| Jetty | Mortbay | 2.0.3 (including) | 2.0.3 (including) |
| Jetty | Mortbay | 2.0.4 (including) | 2.0.4 (including) |
| Jetty | Mortbay | 2.0.5 (including) | 2.0.5 (including) |
| Jetty | Mortbay | 2.1.0 (including) | 2.1.0 (including) |
| Jetty | Mortbay | 2.1.1 (including) | 2.1.1 (including) |
| Jetty | Mortbay | 2.1.2 (including) | 2.1.2 (including) |
| Jetty | Mortbay | 2.1.3 (including) | 2.1.3 (including) |
| Jetty | Mortbay | 2.1.4 (including) | 2.1.4 (including) |
| Jetty | Mortbay | 2.1.5 (including) | 2.1.5 (including) |
| Jetty | Mortbay | 2.1.6 (including) | 2.1.6 (including) |
| Jetty | Mortbay | 2.1.7 (including) | 2.1.7 (including) |
| Jetty | Mortbay | 2.1.b0 (including) | 2.1.b0 (including) |
| Jetty | Mortbay | 2.1.b1 (including) | 2.1.b1 (including) |
| Jetty | Mortbay | 2.2-alpha0 (including) | 2.2-alpha0 (including) |
| Jetty | Mortbay | 2.2-alpha1 (including) | 2.2-alpha1 (including) |
| Jetty | Mortbay | 2.2-beta0 (including) | 2.2-beta0 (including) |
| Jetty | Mortbay | 2.2-beta1 (including) | 2.2-beta1 (including) |
| Jetty | Mortbay | 2.2-beta2 (including) | 2.2-beta2 (including) |
| Jetty | Mortbay | 2.2-beta3 (including) | 2.2-beta3 (including) |
| Jetty | Mortbay | 2.2-beta4 (including) | 2.2-beta4 (including) |
| Jetty | Mortbay | 2.2.0 (including) | 2.2.0 (including) |
| Jetty | Mortbay | 2.2.1 (including) | 2.2.1 (including) |
| Jetty | Mortbay | 2.2.2 (including) | 2.2.2 (including) |
| Jetty | Mortbay | 2.2.3 (including) | 2.2.3 (including) |
| Jetty | Mortbay | 2.2.4 (including) | 2.2.4 (including) |
| Jetty | Mortbay | 2.2.5 (including) | 2.2.5 (including) |
| Jetty | Mortbay | 2.2.6 (including) | 2.2.6 (including) |
| Jetty | Mortbay | 2.2.7 (including) | 2.2.7 (including) |
| Jetty | Mortbay | 2.2.8 (including) | 2.2.8 (including) |
| Jetty | Mortbay | 2.3.0 (including) | 2.3.0 (including) |
| Jetty | Mortbay | 2.3.0a (including) | 2.3.0a (including) |
| Jetty | Mortbay | 2.3.1 (including) | 2.3.1 (including) |
| Jetty | Mortbay | 2.3.2 (including) | 2.3.2 (including) |
| Jetty | Mortbay | 2.3.3 (including) | 2.3.3 (including) |
| Jetty | Mortbay | 2.3.4 (including) | 2.3.4 (including) |
| Jetty | Mortbay | 2.3.5 (including) | 2.3.5 (including) |
| Jetty | Mortbay | 2.4.0 (including) | 2.4.0 (including) |
| Jetty | Mortbay | 2.4.1 (including) | 2.4.1 (including) |
| Jetty | Mortbay | 2.4.2 (including) | 2.4.2 (including) |
| Jetty | Mortbay | 2.4.3 (including) | 2.4.3 (including) |
| Jetty | Mortbay | 2.4.4 (including) | 2.4.4 (including) |
| Jetty | Mortbay | 2.4.5 (including) | 2.4.5 (including) |
| Jetty | Mortbay | 2.4.6 (including) | 2.4.6 (including) |
| Jetty | Mortbay | 2.4.7 (including) | 2.4.7 (including) |
| Jetty | Mortbay | 2.4.8 (including) | 2.4.8 (including) |
| Jetty | Mortbay | 2.4.9 (including) | 2.4.9 (including) |
| Jetty | Mortbay | 3.0 (including) | 3.0 (including) |
| Jetty | Mortbay | 3.0.0 (including) | 3.0.0 (including) |
| Jetty | Mortbay | 3.0.0-rc1 (including) | 3.0.0-rc1 (including) |
| Jetty | Mortbay | 3.0.0-rc2 (including) | 3.0.0-rc2 (including) |
| Jetty | Mortbay | 3.0.0-rc3 (including) | 3.0.0-rc3 (including) |
| Jetty | Mortbay | 3.0.0-rc4 (including) | 3.0.0-rc4 (including) |
| Jetty | Mortbay | 3.0.0-rc5 (including) | 3.0.0-rc5 (including) |
| Jetty | Mortbay | 3.0.0-rc6 (including) | 3.0.0-rc6 (including) |
| Jetty | Mortbay | 3.0.0-rc7 (including) | 3.0.0-rc7 (including) |
| Jetty | Mortbay | 3.0.0-rc8 (including) | 3.0.0-rc8 (including) |
| Jetty | Mortbay | 3.0.1 (including) | 3.0.1 (including) |
| Jetty | Mortbay | 3.0.2 (including) | 3.0.2 (including) |
| Jetty | Mortbay | 3.0.3 (including) | 3.0.3 (including) |
| Jetty | Mortbay | 3.0.4 (including) | 3.0.4 (including) |
| Jetty | Mortbay | 3.0.5 (including) | 3.0.5 (including) |
| Jetty | Mortbay | 3.0.6 (including) | 3.0.6 (including) |
| Jetty | Mortbay | 3.0.a0 (including) | 3.0.a0 (including) |
| Jetty | Mortbay | 3.0.a1 (including) | 3.0.a1 (including) |
| Jetty | Mortbay | 3.0.a2 (including) | 3.0.a2 (including) |
| Jetty | Mortbay | 3.0.a3 (including) | 3.0.a3 (including) |
| Jetty | Mortbay | 3.0.a4 (including) | 3.0.a4 (including) |
| Jetty | Mortbay | 3.0.a5 (including) | 3.0.a5 (including) |
| Jetty | Mortbay | 3.0.a6 (including) | 3.0.a6 (including) |
| Jetty | Mortbay | 3.0.a7 (including) | 3.0.a7 (including) |
| Jetty | Mortbay | 3.0.a8 (including) | 3.0.a8 (including) |
| Jetty | Mortbay | 3.0.a9 (including) | 3.0.a9 (including) |
| Jetty | Mortbay | 3.0.a90 (including) | 3.0.a90 (including) |
| Jetty | Mortbay | 3.0.a91 (including) | 3.0.a91 (including) |
| Jetty | Mortbay | 3.0.a92 (including) | 3.0.a92 (including) |
| Jetty | Mortbay | 3.0.a93 (including) | 3.0.a93 (including) |
| Jetty | Mortbay | 3.0.a94 (including) | 3.0.a94 (including) |
| Jetty | Mortbay | 3.0.a95 (including) | 3.0.a95 (including) |
| Jetty | Mortbay | 3.0.a96 (including) | 3.0.a96 (including) |
| Jetty | Mortbay | 3.0.a97 (including) | 3.0.a97 (including) |
| Jetty | Mortbay | 3.0.a98 (including) | 3.0.a98 (including) |
| Jetty | Mortbay | 3.0.a99 (including) | 3.0.a99 (including) |
| Jetty | Mortbay | 3.0.b01 (including) | 3.0.b01 (including) |
| Jetty | Mortbay | 3.0.b02 (including) | 3.0.b02 (including) |
| Jetty | Mortbay | 3.0.b03 (including) | 3.0.b03 (including) |
| Jetty | Mortbay | 3.0.b04 (including) | 3.0.b04 (including) |
| Jetty | Mortbay | 3.0.b05 (including) | 3.0.b05 (including) |
| Jetty | Mortbay | 3.1-rc0 (including) | 3.1-rc0 (including) |
| Jetty | Mortbay | 3.1-rc1 (including) | 3.1-rc1 (including) |
| Jetty | Mortbay | 3.1-rc2 (including) | 3.1-rc2 (including) |
| Jetty | Mortbay | 3.1-rc3 (including) | 3.1-rc3 (including) |
| Jetty | Mortbay | 3.1-rc4 (including) | 3.1-rc4 (including) |
| Jetty | Mortbay | 3.1-rc5 (including) | 3.1-rc5 (including) |
| Jetty | Mortbay | 3.1-rc6 (including) | 3.1-rc6 (including) |
| Jetty | Mortbay | 3.1-rc7 (including) | 3.1-rc7 (including) |
| Jetty | Mortbay | 3.1-rc8 (including) | 3.1-rc8 (including) |
| Jetty | Mortbay | 3.1-rc9 (including) | 3.1-rc9 (including) |
| Jetty | Mortbay | 3.1.0 (including) | 3.1.0 (including) |
| Jetty | Mortbay | 3.1.1 (including) | 3.1.1 (including) |
| Jetty | Mortbay | 3.1.2 (including) | 3.1.2 (including) |
| Jetty | Mortbay | 3.1.3 (including) | 3.1.3 (including) |
| Jetty | Mortbay | 3.1.4 (including) | 3.1.4 (including) |
| Jetty | Mortbay | 3.1.5 (including) | 3.1.5 (including) |
| Jetty | Mortbay | 3.1.6 (including) | 3.1.6 (including) |
| Jetty | Mortbay | 3.1.7 (including) | 3.1.7 (including) |
| Jetty | Mortbay | 3.1.8 (including) | 3.1.8 (including) |
| Jetty | Mortbay | 3.1.9 (including) | 3.1.9 (including) |
| Jetty | Mortbay | 4.0-rc1 (including) | 4.0-rc1 (including) |
| Jetty | Mortbay | 4.0-rc2 (including) | 4.0-rc2 (including) |
| Jetty | Mortbay | 4.0-rc3 (including) | 4.0-rc3 (including) |
| Jetty | Mortbay | 4.0.0 (including) | 4.0.0 (including) |
| Jetty | Mortbay | 4.0.1 (including) | 4.0.1 (including) |
| Jetty | Mortbay | 4.0.1-rc0 (including) | 4.0.1-rc0 (including) |
| Jetty | Mortbay | 4.0.1-rc1 (including) | 4.0.1-rc1 (including) |
| Jetty | Mortbay | 4.0.1-rc2 (including) | 4.0.1-rc2 (including) |
| Jetty | Mortbay | 4.0.2 (including) | 4.0.2 (including) |
| Jetty | Mortbay | 4.0.3 (including) | 4.0.3 (including) |
| Jetty | Mortbay | 4.0.4 (including) | 4.0.4 (including) |
| Jetty | Mortbay | 4.0.5 (including) | 4.0.5 (including) |
| Jetty | Mortbay | 4.0.6 (including) | 4.0.6 (including) |
| Jetty | Mortbay | 4.0.b0 (including) | 4.0.b0 (including) |
| Jetty | Mortbay | 4.0.b1 (including) | 4.0.b1 (including) |
| Jetty | Mortbay | 4.0.b2 (including) | 4.0.b2 (including) |
| Jetty | Mortbay | 4.0.d0 (including) | 4.0.d0 (including) |
| Jetty | Mortbay | 4.0.d1 (including) | 4.0.d1 (including) |
| Jetty | Mortbay | 4.0.d2 (including) | 4.0.d2 (including) |
| Jetty | Mortbay | 4.0.d3 (including) | 4.0.d3 (including) |
| Jetty | Mortbay | 4.0.d4 (including) | 4.0.d4 (including) |
| Jetty | Mortbay | 4.1.0 (including) | 4.1.0 (including) |
| Jetty | Mortbay | 4.1.0-rc0 (including) | 4.1.0-rc0 (including) |
| Jetty | Mortbay | 4.1.0-rc1 (including) | 4.1.0-rc1 (including) |
| Jetty | Mortbay | 4.1.0-rc2 (including) | 4.1.0-rc2 (including) |
| Jetty | Mortbay | 4.1.0-rc3 (including) | 4.1.0-rc3 (including) |
| Jetty | Mortbay | 4.1.0-rc4 (including) | 4.1.0-rc4 (including) |
| Jetty | Mortbay | 4.1.0-rc5 (including) | 4.1.0-rc5 (including) |
| Jetty | Mortbay | 4.1.0-rc6 (including) | 4.1.0-rc6 (including) |
| Jetty | Mortbay | 4.1.1 (including) | 4.1.1 (including) |
| Jetty | Mortbay | 4.1.2 (including) | 4.1.2 (including) |
| Jetty | Mortbay | 4.1.3 (including) | 4.1.3 (including) |
| Jetty | Mortbay | 4.1.4 (including) | 4.1.4 (including) |
| Jetty | Mortbay | 4.1.b0 (including) | 4.1.b0 (including) |
| Jetty | Mortbay | 4.1.b1 (including) | 4.1.b1 (including) |
| Jetty | Mortbay | 4.1.d0 (including) | 4.1.d0 (including) |
| Jetty | Mortbay | 4.1.d1 (including) | 4.1.d1 (including) |
| Jetty | Mortbay | 4.1.d2 (including) | 4.1.d2 (including) |
| Jetty | Mortbay | 4.2 (including) | 4.2 (including) |
| Jetty | Mortbay | 4.2.0 (including) | 4.2.0 (including) |
| Jetty | Mortbay | 4.2.0-beta0 (including) | 4.2.0-beta0 (including) |
| Jetty | Mortbay | 4.2.0-rc0 (including) | 4.2.0-rc0 (including) |
| Jetty | Mortbay | 4.2.0-rc1 (including) | 4.2.0-rc1 (including) |
| Jetty | Mortbay | 4.2.1 (including) | 4.2.1 (including) |
| Jetty | Mortbay | 4.2.2 (including) | 4.2.2 (including) |
| Jetty | Mortbay | 4.2.3 (including) | 4.2.3 (including) |
| Jetty | Mortbay | 4.2.4 (including) | 4.2.4 (including) |
| Jetty | Mortbay | 4.2.4-rc0 (including) | 4.2.4-rc0 (including) |
| Jetty | Mortbay | 4.2.5 (including) | 4.2.5 (including) |
| Jetty | Mortbay | 4.2.6 (including) | 4.2.6 (including) |
| Jetty | Mortbay | 4.2.7 (including) | 4.2.7 (including) |
| Jetty | Mortbay | 4.2.8_01 (including) | 4.2.8_01 (including) |
| Jetty | Mortbay | 4.2.9 (including) | 4.2.9 (including) |
| Jetty | Mortbay | 4.2.9-rc1 (including) | 4.2.9-rc1 (including) |
| Jetty | Mortbay | 4.2.9-rc2 (including) | 4.2.9-rc2 (including) |
| Jetty | Mortbay | 4.2.10 (including) | 4.2.10 (including) |
| Jetty | Mortbay | 4.2.10-pre0 (including) | 4.2.10-pre0 (including) |
| Jetty | Mortbay | 4.2.10-pre1 (including) | 4.2.10-pre1 (including) |
| Jetty | Mortbay | 4.2.10-pre2 (including) | 4.2.10-pre2 (including) |
| Jetty | Mortbay | 4.2.11 (including) | 4.2.11 (including) |
| Jetty | Mortbay | 4.2.12 (including) | 4.2.12 (including) |
| Jetty | Mortbay | 4.2.14 (including) | 4.2.14 (including) |
| Jetty | Mortbay | 4.2.14-rc0 (including) | 4.2.14-rc0 (including) |
| Jetty | Mortbay | 4.2.14-rc1 (including) | 4.2.14-rc1 (including) |
| Jetty | Mortbay | 4.2.15 (including) | 4.2.15 (including) |
| Jetty | Mortbay | 4.2.15-rc0 (including) | 4.2.15-rc0 (including) |
| Jetty | Mortbay | 4.2.16 (including) | 4.2.16 (including) |
| Jetty | Mortbay | 4.2.17 (including) | 4.2.17 (including) |
| Jetty | Mortbay | 4.2.18 (including) | 4.2.18 (including) |
| Jetty | Mortbay | 4.2.19 (including) | 4.2.19 (including) |
| Jetty | Mortbay | 4.2.20 (including) | 4.2.20 (including) |
| Jetty | Mortbay | 4.2.20-rc0 (including) | 4.2.20-rc0 (including) |
| Jetty | Mortbay | 4.2.21 (including) | 4.2.21 (including) |
| Jetty | Mortbay | 4.2.22 (including) | 4.2.22 (including) |
| Jetty | Mortbay | 4.2.23 (including) | 4.2.23 (including) |
| Jetty | Mortbay | 4.2.23-rc0 (including) | 4.2.23-rc0 (including) |
| Jetty | Mortbay | 4.2.24 (including) | 4.2.24 (including) |
| Jetty | Mortbay | 4.2.24-rc0 (including) | 4.2.24-rc0 (including) |
| Jetty | Mortbay | 4.2.24-rc1 (including) | 4.2.24-rc1 (including) |
| Jetty | Mortbay | 4.2.25 (including) | 4.2.25 (including) |
| Jetty | Mortbay | 4.2.26 (including) | 4.2.26 (including) |
| Jetty | Mortbay | 4.2.27 (including) | 4.2.27 (including) |
| Jetty | Mortbay | 5.0-alpha0 (including) | 5.0-alpha0 (including) |
| Jetty | Mortbay | 5.0-alpha1 (including) | 5.0-alpha1 (including) |
| Jetty | Mortbay | 5.0-alpha2 (including) | 5.0-alpha2 (including) |
| Jetty | Mortbay | 5.0-alpha3 (including) | 5.0-alpha3 (including) |
| Jetty | Mortbay | 5.0-beta0 (including) | 5.0-beta0 (including) |
| Jetty | Mortbay | 5.0-beta1 (including) | 5.0-beta1 (including) |
| Jetty | Mortbay | 5.0-beta2 (including) | 5.0-beta2 (including) |
| Jetty | Mortbay | 5.0-rc1 (including) | 5.0-rc1 (including) |
| Jetty | Mortbay | 5.0-rc2 (including) | 5.0-rc2 (including) |
| Jetty | Mortbay | 5.0-rc3 (including) | 5.0-rc3 (including) |
| Jetty | Mortbay | 5.0-rc4 (including) | 5.0-rc4 (including) |
| Jetty | Mortbay | 5.0.0 (including) | 5.0.0 (including) |
| Jetty | Mortbay | 5.0.0-rc0 (including) | 5.0.0-rc0 (including) |
| Jetty | Mortbay | 5.1 (including) | 5.1 (including) |
| Jetty | Mortbay | 5.1.0 (including) | 5.1.0 (including) |
| Jetty | Mortbay | 5.1.1 (including) | 5.1.1 (including) |
| Jetty | Mortbay | 5.1.1-rc0 (including) | 5.1.1-rc0 (including) |
| Jetty | Mortbay | 5.1.1-rc1 (including) | 5.1.1-rc1 (including) |
| Jetty | Mortbay | 5.1.2 (including) | 5.1.2 (including) |
| Jetty | Mortbay | 5.1.2-pre0 (including) | 5.1.2-pre0 (including) |
| Jetty | Mortbay | 5.1.3 (including) | 5.1.3 (including) |
| Jetty | Mortbay | 5.1.3-rc0 (including) | 5.1.3-rc0 (including) |
| Jetty | Mortbay | 5.1.3-rc1 (including) | 5.1.3-rc1 (including) |
| Jetty | Mortbay | 5.1.3-rc2 (including) | 5.1.3-rc2 (including) |
| Jetty | Mortbay | 5.1.3-rc3 (including) | 5.1.3-rc3 (including) |
| Jetty | Mortbay | 5.1.3-rc4 (including) | 5.1.3-rc4 (including) |
| Jetty | Mortbay | 5.1.4 (including) | 5.1.4 (including) |
| Jetty | Mortbay | 5.1.4-rc0 (including) | 5.1.4-rc0 (including) |
| Jetty | Mortbay | 5.1.5-rc0 (including) | 5.1.5-rc0 (including) |
| Jetty | Mortbay | 5.1.5-rc1 (including) | 5.1.5-rc1 (including) |
| Jetty | Mortbay | 5.1.5-rc2 (including) | 5.1.5-rc2 (including) |
| Jetty | Mortbay | 5.1.11-rc0 (including) | 5.1.11-rc0 (including) |
There are many different kinds of mistakes that introduce information exposures. The severity of the error can range widely, depending on the context in which the product operates, the type of sensitive information that is revealed, and the benefits it may provide to an attacker. Some kinds of sensitive information include:
Information might be sensitive to different parties, each of which may have their own expectations for whether the information should be protected. These parties include:
Information exposures can occur in different ways:
It is common practice to describe any loss of confidentiality as an “information exposure,” but this can lead to overuse of CWE-200 in CWE mapping. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read. CWE-200 and its lower-level descendants are intended to cover the mistakes that occur in behaviors that explicitly manage, store, transfer, or cleanse sensitive information.