CVE-2021-28164

2021-04-01T18:17:28
ID RH:CVE-2021-28164
Type redhatcve
Reporter redhat.com
Modified 2021-07-21T07:50:10

Description

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.