{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "9.3.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.3.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.3.3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.3.4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.3.8" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "9.3.0" }, { "introduced": "0" }, { "last_affected": "9.3.0-m0" }, { "introduced": "0" }, { "last_affected": "9.3.0-m1" }, { "introduced": "0" }, { "last_affected": "9.3.0-maintenance2" }, { "introduced": "0" }, { "last_affected": "9.3.0-rc0" }, { "introduced": "0" }, { "last_affected": "9.3.0-rc1" }, { "introduced": "0" }, { "last_affected": "9.3.4-rc0" }, { "introduced": "0" }, { "last_affected": "9.3.4-rc1" }, { "introduced": "0" }, { "last_affected": "9.3.5" }, { "introduced": "0" }, { "last_affected": "9.3.6" }, { "introduced": "0" }, { "last_affected": "9.3.7" }, { "introduced": "0" }, { "last_affected": "9.3.7-rc0" }, { "introduced": "0" }, { "last_affected": "9.3.7-rc1" }, { "introduced": "0" }, { "last_affected": "9.3.8-rc0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "390f3200cce7f90f1f3ebc78013c1afea2f93db8" }, { "introduced": "0" }, { "last_affected": "390f3200cce7f90f1f3ebc78013c1afea2f93db8" }, { "introduced": "0" }, { "last_affected": "224f63adf3cb5709e0c4ce97e87cb6d2d080cf06" }, { "introduced": "0" }, { "last_affected": "18acd5e78e1325485299fa6e2e2ac834df8424b0" }, { "introduced": "0" }, { "last_affected": "299458fe51e7127429720e8a7ebf8f2bb421ecf6" }, { "introduced": "0" }, { "last_affected": "bc673eab1a2d21e568cde2cf786ee062529ab3d2" }, { "introduced": "0" }, { "last_affected": "cae7e6543057a603e021dfff8453ecae95816130" }, { "introduced": "0" }, { "last_affected": "0484a0b3ec71d06f2ee29161bd000a9669dca4fd" }, { "introduced": "0" }, { "last_affected": "29722bd8803e76bbdbf70266cb9399560c10b712" }, { "introduced": "0" }, { "last_affected": "d737e1c638653988ce7d8e5bfb89859347e1c306" }, { "introduced": "0" }, { "last_affected": "c0b191119b74afafb6b59ecaa9d7a66dae056498" }, { "introduced": "0" }, { "last_affected": "e81912f98c9af8927fdc0505df7011c1e368112a" }, { "introduced": "0" }, { "last_affected": "21ca3f6690bff813c546a1da4bb7950c3f91a814" }, { "introduced": "0" }, { "last_affected": "bee564c7d942447f02e8d87a2ea5fe30e651a59c" } ], "repo": "https://github.com/eclipse/jetty.project", "type": "GIT" } ] } ], "details": "The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints via a URL with certain escaped characters, related to backslashes.", "id": "CVE-2016-4800", "modified": "2026-04-01T23:08:51.657857870Z", "published": "2017-04-13T14:59:01.760Z", "references": [ { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/90945" }, { "type": "ADVISORY", "url": "http://www.zerodayinitiative.com/advisories/ZDI-16-362" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20190307-0006/" }, { "type": "FIX", "url": "http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00092.html" }, { "type": "FIX", "url": "http://www.ocert.org/advisories/ocert-2016-001.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }