Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4949-1:1212B
HistoryAug 04, 2021 - 9:52 p.m.

[SECURITY] [DSA 4949-1] jetty9 security update

2021-08-0421:52:09
lists.debian.org
92

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

Debian Security Advisory DSA-4949-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 04, 2021 https://www.debian.org/security/faq

Package : jetty9
CVE ID : CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223
CVE-2020-28165 CVE-2020-28169 CVE-2021-34428

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine
and webserver which could result in cross-site scripting, information
disclosure, privilege escalation or denial of service.

For the stable distribution (buster), these problems have been fixed in
version 9.4.16-0+deb10u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Related

nessus 11
osv 13
ibm 64
debian 1
redhat 18
veracode 5
redhatcve 5
githubexploit 4
openvas 4
debiancve 5
symantec 2
f5 4
ubuntucve 5
github 5
prion 7
cve 7
packetstorm 1
seebug 1
zdt 1
checkpoint_advisories 1
exploitdb 1
attackerkb 1
oracle 11
nessus
nessus
Debian DSA-4949-1 : jetty9 - security update
2021-08-05 00:00:00
Debian DLA-2661-1 : jetty9 security update
2021-05-17 00:00:00
RHEL 8 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)
2021-06-29 00:00:00
osv
osv
jetty9 - security update
2021-08-05 00:00:00
jetty9 - security update
2021-05-14 00:00:00
SessionListener can prevent a session from being invalidated breaking logout
2021-06-23 20:23:04
ibm
ibm
Security Bulletin: IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247)
2019-07-24 03:15:01
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)
2023-02-01 21:46:34
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Performance Tester
2019-12-16 16:01:20
debian
debian
[SECURITY] [DLA 2661-1] jetty9 security update
2021-05-14 13:28:53
redhat
redhat
(RHSA-2021:2499) Moderate: OpenShift Container Platform 4.6.36 security update
2021-06-29 05:50:19
(RHSA-2020:5168) Moderate: rh-eclipse security, bug fix and enhancement update
2020-11-23 08:51:52
(RHSA-2021:2431) Important: OpenShift Container Platform 4.5.41 security update
2021-07-01 23:55:11
veracode
veracode
Insecure Session ID
2021-06-24 03:44:41
Denial Of Service(DoS)
2021-03-01 03:37:45
Cross-site Scripting (XSS)
2019-04-23 03:03:46
redhatcve
redhatcve
CVE-2021-34428
2021-06-22 18:16:39
CVE-2020-27223
2021-03-02 15:02:57
CVE-2019-10247
2019-05-03 12:04:35
githubexploit
githubexploit
Exploit for Insufficient Session Expiration in Eclipse Jetty
2023-11-01 10:15:36
Exploit for Insufficient Session Expiration in Eclipse Jetty
2023-11-27 07:25:34
Exploit for Uncontrolled Resource Consumption in Eclipse Jetty
2021-03-19 03:50:45
openvas
openvas
Eclipse Jetty XSS Vulnerability - CVE-2019-10241 (Linux)
2019-04-25 00:00:00
Eclipse Jetty XSS Vulnerability - CVE-2019-10241 (Windows)
2019-04-25 00:00:00
Eclipse Jetty Information Disclosure Vulnerability - CVE-2019-10247 (Windows)
2019-04-25 00:00:00
debiancve
debiancve
CVE-2019-10241
2019-04-22 20:29:00
CVE-2019-10247
2019-04-22 20:29:00
CVE-2021-34428
2021-06-22 15:15:00
symantec
symantec
Eclipse Jetty CVE-2019-10241 Cross Site Scripting Vulnerability
2019-04-04 00:00:00
Eclipse Jetty CVE-2019-10247 Information Disclosure Vulnerability
2019-06-11 00:00:00
f5
f5
K01869532 : Eclipse Jetty vulnerability CVE-2019-10241
2020-12-14 00:00:00
K41412302 : Jetty vulnerability CVE-2019-10247
2020-12-01 00:00:00
K18484125 : Eclipse Jetty vulnerability CVE-2020-27216
2022-05-18 00:00:00
ubuntucve
ubuntucve
CVE-2021-34428
2021-06-22 00:00:00
CVE-2019-10241
2019-04-22 00:00:00
CVE-2020-27216
2020-10-23 00:00:00
github
github
Cross-site Scripting in Eclipse Jetty
2019-04-23 16:06:02
DOS vulnerability for Quoted Quality CSV headers
2021-03-10 03:46:47
Installation information leak in Eclipse Jetty
2019-04-23 16:07:12
prion
prion
Design/Logic Flaw
2019-04-22 20:29:00
Design/Logic Flaw
2019-04-22 20:29:00
Design/Logic Flaw
2021-02-26 22:15:00
cve
cve
CVE-2019-10247
2019-04-22 20:29:00
CVE-2020-27216
2020-10-23 13:15:00
CVE-2019-10241
2019-04-22 20:29:00
packetstorm
packetstorm
Fluentd TD-agent 4.0.1 Insecure Folder Permission
2021-01-05 00:00:00
seebug
seebug
Jetty WEB-INF 信息泄露漏洞(CVE-2021-34428)
2021-07-30 00:00:00
zdt
zdt
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Vulnerability
2021-01-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Eclipse Jetty Denial Of Service (CVE-2020-27223)
2021-04-05 00:00:00
exploitdb
exploitdb
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
2021-01-05 00:00:00
attackerkb
attackerkb
CVE-2021-28169
2021-06-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON
Related for DEBIAN:DSA-4949-1:1212B
nessus11osv13ibm64debian1redhat18veracode5redhatcve5githubexploit4openvas4debiancve5symantec2f54ubuntucve5github5prion7cve7packetstorm1seebug1zdt1checkpoint_advisories1exploitdb1attackerkb1oracle11