Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.311 views

Jetty WEB-INF File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jetty WEB-INF File Disclosure', 'Description' = %q Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access...

5.3CVSS7AI score0.93778EPSS
Exploits11
SUSE CVE
SUSE CVEadded 2023/02/15 3:44 a.m.3 views

SUSE CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

5.9CVSS8.5AI score0.93485EPSS
Exploits7References6
Metasploit
Metasploitadded 2021/11/13 5:42 p.m.1796 views

Jetty WEB-INF File Disclosure

Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions effected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, bu...

5.3CVSS7.1AI score0.93778EPSS
Exploits11
OpenVAS
OpenVASadded 2021/06/09 12:0 a.m.23 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

5.3CVSS5.6AI score0.93485EPSS
Exploits7References1
OSV
OSVadded 2021/04/01 3:15 p.m.0 views

UBUNTU-CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

2.7CVSS6.7AI score0.00154EPSS
Exploits1References3
OpenVAS
OpenVASadded 2021/03/02 12:0 a.m.19 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-j6qj-j888-vvgq) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

4CVSS5.6AI score0.00154EPSS
Exploits1References1
OpenVAS
OpenVASadded 2021/03/02 12:0 a.m.17 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-j6qj-j888-vvgq) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

4CVSS5.6AI score0.00154EPSS
Exploits1References1
Rows per page
Query Builder