https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Fri, 01 May 2026 05:11:03 +0000 https://vulnerability.circl.lu/sighting/44d34639-f751-4d22-a07a-9d2c92713a5e/export {"uuid": "44d34639-f751-4d22-a07a-9d2c92713a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8150", "content": "ATENTION\u203c New - CVE-2009-5047\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-15T18:28:21.000000Z"} {"uuid": "44d34639-f751-4d22-a07a-9d2c92713a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8150", "content": "ATENTION\u203c New - CVE-2009-5047\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-15T18:28:21.000000Z"} https://vulnerability.circl.lu/sighting/44d34639-f751-4d22-a07a-9d2c92713a5e/export Fri, 15 Nov 2019 18:28:21 +0000 https://vulnerability.circl.lu/sighting/57191070-4852-4ecb-aee7-c67b16121913/export {"uuid": "57191070-4852-4ecb-aee7-c67b16121913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8256", "content": "ATENTION\u203c New - CVE-2009-5047 (debian_linux, jetty)\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-21T18:27:19.000000Z"} {"uuid": "57191070-4852-4ecb-aee7-c67b16121913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2009-5047", "type": "seen", "source": "https://t.me/cibsecurity/8256", "content": "ATENTION\u203c New - CVE-2009-5047 (debian_linux, jetty)\n\nJetty 6.x before 6.1.22 suffers from an escape sequence injection vulnerability from two different vectors: 1) \"Cookie Dump Servlet\" and 2) Http Content-Length header. 1) A POST request to the form at \"/test/cookie/\" with the \"Age\" parameter set to a string throws a \"java.lang.NumberFormatException\" which reflects binary characters including ESC. These characters could be used to execute arbitrary commands or buffer dumps in the terminal. 2) The same attack in 1) can be exploited by requesting a page using an HTTP request \"Content-Length\" header set to a letteral string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-11-21T18:27:19.000000Z"} https://vulnerability.circl.lu/sighting/57191070-4852-4ecb-aee7-c67b16121913/export Thu, 21 Nov 2019 18:27:19 +0000