{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-10-06T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/content/jetty-persistent-xss"}, {"name": "20091006 CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507013/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3579", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.coresecurity.com/content/jetty-persistent-xss", "refsource": "MISC", "url": "http://www.coresecurity.com/content/jetty-persistent-xss"}, {"name": "20091006 CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507013/100/0/threaded"}, {"name": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt", "refsource": "MISC", "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:31:10.632Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.coresecurity.com/content/jetty-persistent-xss"}, {"name": "20091006 CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507013/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3579", "datePublished": "2009-10-07T17:00:00", "dateReserved": "2009-10-07T00:00:00", "dateUpdated": "2024-08-07T06:31:10.632Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mortbay:jetty:6.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "8F616992-6D50-457F-B699-D0DCA3D46C33", "vulnerable": true}, {"criteria": "cpe:2.3:a:mortbay:jetty:6.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "DAE13225-F90F-4ABC-87A0-DBE63E91FC18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en la aplicaci\u00f3n CookieDum.java  en Mort Bay Jetty v6.1.19 y v6.1.20, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"Value\" en una petici\u00f3n GET a cookie/."}], "id": "CVE-2009-3579", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-10-07T17:30:00.233", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/jetty-persistent-xss"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/507013/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.coresecurity.com/content/jetty-persistent-xss"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507013/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "jetty: XSS in example Cookie Dump servlet (CORE-2009-0922)", "id": "532656", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=532656"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/."], "name": "CVE-2009-3579", "public_date": "2009-10-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-3579\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3579"], "threat_severity": "Low"}