Skip to main content

Improper Neutralization of Quoting Syntax

CVE-2007-5614

Severity High
Score 7.5/10

Summary

Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters, which allows remote attackers to hijack browser sessions via unspecified vectors.

  • LOW
  • NETWORK
  • NONE
  • PARTIAL
  • PARTIAL
  • PARTIAL

CWE-149 - Improper Neutralization of Quoting Syntax

Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the process to take unexpected actions.

References

Advisory Timeline

  • Published