Hi There have been two more CVEs[0][1] for jetty:
CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. CVE-2007-5614: Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors. Cheers Steffen [0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5613 [1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5614
signature.asc
Description: This is a digitally signed message part.
