According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities:
An issue where CPU usage can reach 100% with a large invalid TLS frame. (CVE-2021-28165)
A issue with permitting access to protected resources within the WEB-INF directory when accessed with encoded paths. (CVE-2021-28164)
An issue when a symlinked webapps directory is used, the contents of the webapps directory is deployed as a static webapp. (CVE-2021-28163)
Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165
github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5