In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eclipse jetty |
||
eclipse jetty 10.0.0 |
||
eclipse jetty 10.0.1 |
||
eclipse jetty 11.0.0 |
||
eclipse jetty 11.0.1 |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
apache ignite |
||
apache solr 8.8.1 |
||
netapp cloud manager - |
||
netapp e-series performance analyzer - |
||
netapp e-series santricity os controller |
||
netapp e-series santricity web services - |
||
netapp element plug-in for vcenter server - |
||
netapp santricity cloud connector - |
||
netapp snapcenter - |
||
netapp snapcenter plug-in - |
||
netapp storage replication adapter for clustered data ontap |
||
netapp vasa provider for clustered data ontap |
||
netapp virtual storage console |
||
oracle autovue for agile product lifecycle management 21.0.2 |
||
oracle banking apis 20.1 |
||
oracle banking apis 21.1 |
||
oracle banking digital experience 20.1 |
||
oracle banking digital experience 21.1 |
||
oracle communications element manager 8.2.2 |
||
oracle communications services gatekeeper 7.0 |
||
oracle communications session report manager |
||
oracle communications session route manager |
||
oracle siebel core - automation |