<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-05-01T18:56:40.688254+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/44d34639-f751-4d22-a07a-9d2c92713a5e/export</id>
    <title>44d34639-f751-4d22-a07a-9d2c92713a5e</title>
    <updated>2026-05-01T18:56:41.002486+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "44d34639-f751-4d22-a07a-9d2c92713a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8150", "content": "ATENTION\u203c New - CVE-2009-5047\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-15T18:28:21.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/44d34639-f751-4d22-a07a-9d2c92713a5e/export"/>
    <published>2019-11-15T18:28:21+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/57191070-4852-4ecb-aee7-c67b16121913/export</id>
    <title>57191070-4852-4ecb-aee7-c67b16121913</title>
    <updated>2026-05-01T18:56:41.000294+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>http://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "57191070-4852-4ecb-aee7-c67b16121913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8256", "content": "ATENTION\u203c New - CVE-2009-5047 (debian_linux, jetty)\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-21T18:27:19.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/57191070-4852-4ecb-aee7-c67b16121913/export"/>
    <published>2019-11-21T18:27:19+00:00</published>
  </entry>
</feed>
