7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2009-4611

GHSA ID

GHSA-6jxp-7g74-2rc3

EPSS Score

0.70284%

CWE

CWE-20

Published

5/2/2022

Updated

1/27/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2009-4611

CVE-2009-4611: Improper input validation in Mort Bay Jetty

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator, related to (1) a string value in the Age parameter to the default URI for the Cookie Dump Servlet in test-jetty-webapp/src/main/java/com/acme/CookieDump.java under cookie/, (2) an alphabetic value in the A parameter to jsp/expr.jsp, or (3) an alphabetic value in the Content-Length HTTP header to an arbitrary application.

(GitHub Advisory)

7.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2009-4611

GHSA ID

GHSA-6jxp-7g74-2rc3

EPSS Score

0.70284%

CWE

CWE-20

Published

5/2/2022

Updated

1/27/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.mortbay.jetty:jetty	maven	>= 6.0.0, < 6.1.23	6.1.23
org.mortbay.jetty:jetty	maven	>= 7.0.0, < 7.0.2	7.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability arises from improper input validation in three specific components: (1) The CookieDump servlet's handleForm method processes the 'Age' parameter without ensuring it is a valid integer, leading to unescaped exception messages. (2) The expr.jsp page reflects the 'A' parameter without sanitization, allowing escape sequences in error outputs. (3) Jetty's core HTTP parser fails to validate the Content-Length header as numeric, causing exceptions with unsanitized values. All three scenarios involve unvalidated user input being included in error traces, which are then written to logs/terminals without escaping control characters. The advisory explicitly identifies these entry points, and their code paths are consistent with the described exploit vectors.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Mort **y J*tty *.x t*rou** *.*.** *n* *.*.* writ*s ***ktr*** **t* wit*out s*nitizin* non-print**l* ***r**t*rs, w*i** mi**t *llow r*mot* *tt**k*rs to mo*i*y * win*ow's titl*, or possi*ly *x**ut* *r*itr*ry *omm*n*s or ov*rwrit* *il*s, vi* *n *TTP r*qu*

Reasoning

T** vuln*r**ility *ris*s *rom improp*r input v*li**tion in t*r** sp**i*i* *ompon*nts: (*) T** `*ooki**ump` s*rvl*t's `**n*l**orm` m*t*o* pro**ss*s t** '***' p*r*m*t*r wit*out *nsurin* it is * v*li* int***r, l***in* to un*s**p** *x**ption m*ss***s. (*

7.3

Basic Information

Concerned about an active attack path?

CVE-2009-4611: Improper input validation in Mort Bay Jetty

7.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI