CVE-2007-5614 | Vulnerability Database | Aqua Security

Mortbay Jetty before 6.1.6rc1 does not properly handle certain quote sequences in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Jetty	Mortbay_jetty	1.0 (including)	1.0 (including)
Jetty	Mortbay_jetty	2.4 (including)	2.4 (including)
Jetty	Mortbay_jetty	3.0 (including)	3.0 (including)
Jetty	Mortbay_jetty	3.1 (including)	3.1 (including)
Jetty	Mortbay_jetty	4.0 (including)	4.0 (including)
Jetty	Mortbay_jetty	4.1 (including)	4.1 (including)
Jetty	Mortbay_jetty	4.2 (including)	4.2 (including)
Jetty	Mortbay_jetty	5 (including)	5 (including)
Jetty	Mortbay_jetty	5.1 (including)	5.1 (including)
Jetty	Mortbay_jetty	6 (including)	6 (including)
Jetty	Mortbay_jetty	6.1 (including)	6.1 (including)

References

http://osvdb.org/42496
http://secunia.com/advisories/27925
http://secunia.com/advisories/30941
http://secunia.com/advisories/35143
http://svn.codehaus.org/jetty/jetty/trunk/VERSION.txt
http://www.kb.cert.org/vuls/id/438616
http://www.securityfocus.com/bid/26695
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00227.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00250.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5614
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html