Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2021-28169

Опубликовано: 09 июн. 2021
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS2: 5
CVSS3: 5.3

Описание

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

9.4.57-1
esm-apps/bionic

needed

esm-apps/focal

needed

esm-apps/jammy

not-affected

9.4.45-1
esm-apps/noble

not-affected

9.4.53-1
esm-apps/xenial

needed

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needs-triage
groovy

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%
0.88841
Высокий

5 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2021-28169

CVSS3: 5.3
redhat
больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

nvd логотип

CVE-2021-28169

CVSS3: 5.3
nvd
больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

debian логотип

CVE-2021-28169

CVSS3: 5.3
debian
больше 4 лет назад

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is poss ...

github логотип

GHSA-gwcr-j4wh-j3cq

CVSS3: 5.3
github
больше 4 лет назад

Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

fstec логотип

BDU:2023-05680

CVSS3: 5.3
fstec
больше 4 лет назад

Уязвимость контейнера сервлетов Eclipse Jetty, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 100%
0.88841
Высокий

5 Medium

CVSS2

5.3 Medium

CVSS3