Уязвимость CVE-2021-28169

Пакет	Статус	Версия исправления	Тип
jetty9	fixed	9.4.39-2	package
jetty8	removed		package
jetty	removed		package

CVE-2021-28169

CVSS3: 5.3

ubuntu

больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

CVE-2021-28169

CVSS3: 5.3

redhat

больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

CVE-2021-28169

CVSS3: 5.3

nvd

больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

GHSA-gwcr-j4wh-j3cq

CVSS3: 5.3

github

больше 4 лет назад

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

BDU:2023-05680

CVSS3: 5.3

fstec

больше 4 лет назад

Уязвимость контейнера сервлетов Eclipse Jetty, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить конфиденциальную информацию

exploitDog

CVE-2021-28169

Описание

Пакеты

Примечания

Связанные уязвимости