CVE-2021-28164

Description

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example, a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
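
A log check for the request pattern described above, as an added example that is not part of the original record: it flags access-log entries whose path contains a percent-encoded dot segment and resolves into WEB-INF. The log lines are constructed, and the log layout, the function names and the decode-then-normalise model are assumptions of this example.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = {"WEB-INF"}  # directory named in the description above
# Assumed access-log layout: ... "METHOD target HTTP/x.y" status ...
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2021:10:00:01 +0000] "GET /context/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Apr/2021:10:00:02 +0000] "GET /context/%2e/WEB-INF/web.xml HTTP/1.1" 200 1432',
    '192.0.2.11 - - [01/Apr/2021:10:00:03 +0000] "GET /context/foo/%2E%2E/WEB-INF/web.xml HTTP/1.1" 200 1432',
    '192.0.2.12 - - [01/Apr/2021:10:00:04 +0000] "GET /context/WEB-INF/web.xml HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Apr/2021:10:00:05 +0000] "GET /context/%2e/images/logo.png HTTP/1.1" 200 2048',
]

def has_encoded_dot_segment(path):
    """True if any segment is '.' or '..' written with at least one %2e."""
    return any("%2e" in seg.lower() and unquote(seg) in (".", "..")
               for seg in path.split("/"))

def resolved_path(path):
    """Decode once, then collapse dot segments (this example's model of the lookup)."""
    return posixpath.normpath("/" + unquote(path).lstrip("/"))

def is_suspect(raw_target):
    path = raw_target.split("?", 1)[0]  # ignore the query string
    if not has_encoded_dot_segment(path):
        return False
    return any(seg.upper() in PROTECTED for seg in resolved_path(path).split("/"))

def scan(log_lines):
    """Return (request target, status) per suspect entry; a 200 suggests disclosure."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and is_suspect(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits

if __name__ == "__main__":
    for target, status in scan(SAMPLE_LOG):
        print(status, target)
```

The plain /context/WEB-INF/web.xml request and the encoded dot segment that resolves outside WEB-INF are deliberately not flagged, which keeps the check specific to this issue.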


Affected Software


| CPE Name | Name | Version |
|---|---|---|
| eclipse:jetty | eclipse jetty | 9.4.37 |
| eclipse:jetty | eclipse jetty | 9.4.38 |
| netapp:santricity_cloud_connector | netapp santricity cloud connector | - |
| netapp:snapcenter | netapp snapcenter | - |
| netapp:e-series_performance_analyzer | netapp e-series performance analyzer | - |
| netapp:e-series_santricity_web_services | netapp e-series santricity web services | - |
| netapp:virtual_storage_console | netapp virtual storage console | * |
| netapp:storage_replication_adapter_for_clustered_data_ontap | netapp storage replication adapter for clustered data ontap | * |
| netapp:vasa_provider_for_clustered_data_ontap | netapp vasa provider for clustered data ontap | * |
| netapp:cloud_manager | netapp cloud manager | - |
| netapp:snapcenter_plug-in | netapp snapcenter plug-in | - |
| netapp:e-series_santricity_os_controller | netapp e-series santricity os controller | 11.70.1 |
| netapp:element_plug-in_for_vcenter_server | netapp element plug-in for vcenter server | - |
| oracle:banking_digital_experience | oracle banking digital experience | 20.1 |
| oracle:autovue_for_agile_product_lifecycle_management | oracle autovue for agile product lifecycle management | 21.0.2 |
| oracle:siebel_core_-_automation | oracle siebel core - automation | 21.9 |
| oracle:communications_session_route_manager | oracle communications session route manager | 8.2.4 |
| oracle:banking_digital_experience | oracle banking digital experience | 21.1 |
| oracle:banking_apis | oracle banking apis | 20.1 |
| oracle:banking_apis | oracle banking apis | 21.1 |

Related