Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2021-28164

CVSSv4: NA | CVSSv3: 5.3 | CVSSv2: 5 | VMScore: 630 | EPSS: 0.08497 | KEV: Not Included
Published: 01/04/2021 Updated: 21/11/2024

Vulnerability Summary

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

eclipse jetty 9.4.37

eclipse jetty 9.4.38

netapp cloud manager -

netapp e-series performance analyzer -

netapp e-series santricity os controller

netapp e-series santricity web services -

netapp element plug-in for vcenter server -

netapp santricity cloud connector -

netapp snapcenter -

netapp snapcenter plug-in -

netapp storage replication adapter for clustered data ontap

netapp vasa provider for clustered data ontap

netapp virtual storage console

oracle autovue for agile product lifecycle management 21.0.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle banking digital experience 20.1

oracle banking digital experience 21.1

oracle communications session route manager

oracle siebel core - automation

Vendor Advisories

Red Hat: Moderate: Red Hat Integration Camel-K 1.8 security update
Synopsis Moderate: Red Hat Integration Camel-K 18 security update Type/Severity Security Advisory: Moderate Topic A minor version update is now available for Red Hat Integration Camel K The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as havi ...
Debian CVElist Bug Report Logs: jetty9: CVE-2021-34429
Debian Bug report logs - #991188 jetty9: CVE-2021-34429 Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 16 Jul 2021 19:21:01 UTC Owned by: Markus Koschany <apo@debianorg> Se ...
Red Hat: CVE-2021-28164
No description is available for this CVE ...

Exploits

Exploit DB: Jetty 9.4.37.v20210219 Information Disclosure
Jetty version 9437v20210219 suffers from an information disclosure vulnerability ...
Exploit DB: Jetty WEB-INF File Disclosure
Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder Versions effected are: 9437v20210219, 9438v20210224 and 9437-9442, 1001-1005, 1101-1105 Exploitation can obtain any file in the WEB-INF folder, but webxml is most likely to have information of value ...

Github Repositories

https://github.com/jammy0903/-jettyCVE-2021-28164-

jetty /CVE-2021-28164/분석 및 결과

-jettyCVE-2021-28164- jetty /CVE-2021-28164/분석 및 결과

https://github.com/cwh945/JETTY-POC

JETTY CVE-2021-34429 通过四个POC可以同时检测多个JETTY漏洞 CVE-2021-34429 CVE-2021-28164 CVE-2021-28169 Python版本 本POC使用python3运行 安装依赖 urllibrequest urllibparse sys 使用方法 python3 CVE-2021-3

References

CWE-200CWE-551NVD-CWE-Otherhttps://access.redhat.com/errata/RHSA-2022:6407https://nvd.nist.govhttps://github.com/jammy0903/-jettyCVE-2021-28164-https://www.first.org/epsshttps://access.redhat.com/security/cve/cve-2021-28164http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.htmlhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20210611-0006/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttp://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.htmlhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3Ehttps://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20210611-0006/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-0998CVE-2025-26779unknownCVE-2025-1094CVE-2025-1336enituretechnologyunauthorizedCVE-2024-57970s2member prooliver pos – a woocommerce point of sale (pos)CVE-2024-40591race conditiondeserialization
Home
/
Search Results
/
CVE-2021-28164
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook