For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Vulnerable Product |
---|
eclipse jetty |
netapp snap creator framework - |
netapp solidfire - |
netapp hci management node - |
netapp e-series santricity web services - |
netapp snapcenter plug-in - |
netapp e-series santricity os controller |
netapp element plug-in for vcenter server - |
oracle autovue for agile product lifecycle management 21.0.2 |
oracle retail eftlink 20.0.1 |
oracle communications cloud native core binding support function 1.10.0 |
oracle communications diameter signaling router |
oracle communications cloud native core unified data repository 1.14.0 |
oracle communications cloud native core service communication proxy 1.14.0 |
oracle communications cloud native core security edge protection proxy 1.5.0 |
oracle financial services crime and compliance management studio 8.0.8.2.0 |
oracle financial services crime and compliance management studio 8.0.8.3.0 |
oracle rest data services |
oracle stream analytics |
oracle stream analytics 19c |