Количество 8
Количество 8
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...
GHSA-v7ff-8wcx-gmc5
Authorization Before Parsing and Canonicalization in jetty
BDU:2022-05510
Уязвимость контейнера сервлетов Eclipse Jetty, связанная с ошибками при обработке информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
openSUSE-SU-2021:2005-1
Security update for jetty-minimal
SUSE-SU-2021:2005-1
Security update for jetty-minimal
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
 | CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
 | CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
| CVE-2021-28164 In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ... | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
| GHSA-v7ff-8wcx-gmc5 Authorization Before Parsing and Canonicalization in jetty | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
 | BDU:2022-05510 Уязвимость контейнера сервлетов Eclipse Jetty, связанная с ошибками при обработке информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 5.3 | 93% Критический | почти 5 лет назад |
 | openSUSE-SU-2021:2005-1 Security update for jetty-minimal | больше 4 лет назад | ||
| SUSE-SU-2021:2005-1 Security update for jetty-minimal | больше 4 лет назад |
Уязвимостей на страницу