
CVE-2021-34428

CVSSv4: NA | CVSSv3: 3.5 | CVSSv2: 3.6 | VMScore: 450 | EPSS: 0.00155 | KEV: Not Included
Published: 22/06/2021 Updated: 21/11/2024

Vulnerability Summary

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Vulnerable Products

eclipse jetty

debian debian linux 10.0

netapp active iq unified manager -

netapp e-series santricity os controller

netapp e-series santricity web services -

netapp element plug-in for vcenter server -

netapp santricity cloud connector -

netapp snap creator framework -

netapp snapmanager -

oracle autovue for agile product lifecycle management 21.0.2

oracle communications element manager 8.2.2

oracle communications services gatekeeper 7.0

oracle communications session report manager

oracle communications session route manager

oracle rest data services

oracle siebel core - automation

Vendor Advisories

Debian Bug report logs - #990578 jetty9: CVE-2021-34428 Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 2 Jul 2021 13:09:06 UTC Severity: important Tags: security, upstream Foun ...
Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver, which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1. We recommend that you upgrade your jetty9 packages. Fo ...
No description is available for this CVE ...

References

CWE-613
https://nvd.nist.gov
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990578
https://www.first.org/epss
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ref1c161a1621504e673f9197b49e6efe5a33ce3f0e6d8f1f804fc695%40%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E
https://security.netapp.com/advisory/ntap-20210813-0003/
https://www.debian.org/security/2021/dsa-4949
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html