CVSSv3: 5.3

CVE-2021-28169

Published: 09/06/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
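The bypass in the summary works because a check that percent-decodes the requested path only once sees `%57EB-INF` rather than `WEB-INF`. The following is an added example (not Jetty's code) contrasting that single-decode check with one that decodes to a fixed point before inspecting path segments; the sample request paths are constructed for the demonstration and include the `/%2557EB-INF/web.xml` form quoted above.

```python
from urllib.parse import unquote

# Directories that a servlet container must never serve as static content.
PROTECTED_DIRS = {"web-inf", "meta-inf"}


def fully_decode(path: str, max_rounds: int = 5) -> str:
    """Percent-decode repeatedly until the result stops changing.

    One unquote() turns '%2557' into '%57'; only a second pass yields 'W'.
    The round bound keeps pathological inputs from looping forever.
    """
    current = path
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def path_segments(path: str) -> list:
    """Split a decoded path on either slash style, dropping empty pieces."""
    return [seg for seg in path.replace("\\", "/").split("/") if seg]


def single_decode_blocks(path: str) -> bool:
    """The weak check: decode once, then look for protected directories."""
    return any(seg.lower() in PROTECTED_DIRS for seg in path_segments(unquote(path)))


def hardened_blocks(path: str) -> bool:
    """The corrected check: decode to a fixed point before inspecting segments."""
    return any(seg.lower() in PROTECTED_DIRS for seg in path_segments(fully_decode(path)))


# Constructed request paths (the last one is the form quoted in the advisory).
SAMPLES = {
    "/css/site.css": False,        # ordinary static resource
    "/WEB-INF/web.xml": True,      # plainly protected
    "/%57EB-INF/web.xml": True,    # single encoding
    "/%2557EB-INF/web.xml": True,  # double encoding
}


def compare_checks() -> dict:
    """Return {path: (weak_verdict, hardened_verdict)} for every sample."""
    return {p: (single_decode_blocks(p), hardened_blocks(p)) for p in SAMPLES}


if __name__ == "__main__":
    for path, (weak, strong) in compare_checks().items():
        print(f"{path:24} single-decode blocks={weak!s:5} fixed-point blocks={strong}")
```

Running the script shows the two checks agreeing on every sample except the doubly encoded one, which only the fixed-point variant rejects. The general lesson for any servlet that resolves resources from user-supplied strings is to canonicalize before comparing, never after.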

Vulnerability Trend

Vulnerable Products

eclipse jetty

debian debian linux 9.0

debian debian linux 10.0

oracle rest data services

oracle communications cloud native core policy 1.14.0

netapp snap creator framework

netapp hci

netapp active iq unified manager

netapp management services for element software

Vendor Advisories

Synopsis: Low: Red Hat Integration Camel-K 181 security update. Type/Severity: Security Advisory: Low. Topic: A micro version update is now available for Red Hat Integration Camel K. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a sec ...
Debian Bug report logs - #989999 jetty9: CVE-2021-28169. Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 17 Jun 2021 13:51:04 UTC; Severity: important; Tags: security, upstream; Foun ...

Github Repositories

JETTY CVE-2021-34429: four PoCs that can check for several Jetty vulnerabilities at once: CVE-2021-34429, CVE-2021-28164, CVE-2021-28169. Python version: this PoC runs under python3. Dependencies: urllib.request, urllib.parse, sys. Usage: python3 CVE-2021-3 ...

ondemand-neo4j: On-demand Neo4j is an exploration of Neo4j with deployment to AWS in an active state on demand and a passive state when unused. Mission statement: be a useful starting point for a low-utilisation project using Neo4j and a demonstration platform that wakes up in under a minute. Getting started on Windows: Install Git: ht ...

References

CWE: NVD-CWE-Other

https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq
https://lists.debian.org/debian-lts-announce/2021/06/msg00017.html
https://security.netapp.com/advisory/ntap-20210727-0009/
https://www.debian.org/security/2021/dsa-4949
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/r2721aba31a8562639c4b937150897e24f78f747cdbda8641c0f659fe%40%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r29678972c3f8164b151fd7a5802785d402e530c09870a82ffc7681a4%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r04a4b4553a23aff26f42635a6ae388c3b162aab30a88d12e59d05168%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rd5b52362f5edf98e0dcab6541a381f571cccc05ad9188e793af688f3%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r284de9c5399486dfff12ab9e7323ca720dd7019a9a3e11c8510a7140%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r234f6452297065636356f43654cdacef565b8f9ceb0e0c07ffb8c73b%40%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r91e34ff61aff8fd25a3f2a21539597c6ef7589a31c199b0a9546477c%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rb1292d30462b9baedea7c5d9594fc75990d9aa0ec223b48054ca9c25%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rfff6ff8ffb31e8a32619c79774def44b6ffbb037c128c5ad3eab7171%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r32b0b640ad2be3b858f0af51c68a7d5c5a66a462c8bbb93699825cd3%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r33eb06b05afbc7df28d31055cae0cb3fd36cab808c884bf6d680bea5%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E
https://access.redhat.com/errata/RHSA-2022:7257
https://nvd.nist.gov
https://github.com/antonycc/ondemand-neo4j
https://alas.aws.amazon.com/AL2/ALAS-2024-2408.html