CVE-2009-5045: Infoleak
First published: Wed Nov 06 2019(Updated: )
Dump Servlet information leak in jetty before 6.1.22.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Jetty | <6.1.22 | |
| Debian Debian Linux | =8.0 | |
| debian/jetty |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2009-5045?
CVE-2009-5045 is a vulnerability in Jetty web server versions prior to 6.1.22 that allows an attacker to leak sensitive information through a dump servlet.
What software is affected by CVE-2009-5045?
Jetty web server versions prior to 6.1.22 and Debian Linux version 8.0 with the Jetty package are affected by CVE-2009-5045.
How severe is CVE-2009-5045?
CVE-2009-5045 has a severity rating of 7.5 (high).
How can I fix CVE-2009-5045?
To fix CVE-2009-5045, upgrade to Jetty version 6.1.22 or later if you are using Jetty web server, or apply the necessary security updates if you are using Debian Linux 8.0 with the Jetty package.
Where can I find more information about CVE-2009-5045?
You can find more information about CVE-2009-5045 at the following references: [1] https://security-tracker.debian.org/tracker/CVE-2009-5045, [2] http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt, [3] https://www.openwall.com/lists/oss-security/2011/01/14/2
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- collector/security-tracker-debian
- vendor/eclipse
- canonical/eclipse jetty
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- package-manager/debian