Package: jetty Version: 5.1.5rc1-6 Severity: grave Tags: security Justification: user security hole
An input validation error when processing HTTP requests containing specially crafted characters can be exploited to display the source code of Java Server pages instead of an expected HTML response. Please see http://www.frsirt.com/english/advisories/2005/2515 for details. It's fixed upstream in 5.1.6. This has been assigned CVE-2005-3747, please mention it in the changelog when fixing it. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
