CVE-2002-1178

Jetty HTTP Server < 4.1.0 - Directory Traversal via CGIServlet

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1178. PoCs published by Matt Moore.

AI-analyzed exploit summary: This exploit leverages a directory traversal vulnerability in Jetty's CGIServlet to execute arbitrary commands on Windows systems. The attacker can traverse directories and execute system binaries like notepad.exe.

Description

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Matt Moore · text · webapps · cgi
https://www.exploit-db.com/exploits/21895

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Jetty versions for Microsoft Windows prior to 4.1.0
No auth needed
Prerequisites: Jetty server running on Windows with vulnerable CGIServlet · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10246.php
Vendor Advisory x_refsource_confirm
http://groups.yahoo.com/group/jetty-announce/message/45
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5852
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103358725813039&w=2

Scores

EPSS 0.0945
EPSS Percentile 94.8%

Details

Status published
Products (1)
jetty/jetty_http_server < 4.1.0
Published Oct 11, 2002
Tracked Since Feb 18, 2026