
23 matches found

Tenable Nessus
added 2025/03/04 12:00 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2021-28164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access...

CVSS 5.3 | AI score 6.5 | EPSS 0.82371
Exploits 7 | References 3

Broadcom
added 2024/05/01 12:00 a.m., 14 views

Statement on Jetty vulnerabilities in Brocade SANnav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

CVSS 9.4 | AI score 5.8 | EPSS 0.99298
Exploits 19

IBM Security Bulletins
added 2023/08/15 1:35 p.m., 59 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics

Summary Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jet...

CVSS 7.8 | AI score 6.5 | EPSS 0.99298
Exploits 16 | Affected Software 1

VulnCheck KEV
added 2023/01/12 12:00 a.m., 4 views

VulnCheck KEV: CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

CVSS 5.3 | AI score 6.7 | EPSS 0.99298
Exploits 11 | References 1

IBM Security Bulletins
added 2022/07/29 8:34 p.m., 157 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)

Summary There are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw ...

CVSS 7.8 | AI score 6.4 | EPSS 0.99298
Exploits 16 | Affected Software 1

IBM Security Bulletins
added 2022/03/29 6:27 a.m., 78 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

CVSS 7.8 | AI score 7.2 | EPSS 0.99298
Exploits 16 | Affected Software 1

Rapid7 Blog
added 2021/11/19 7:51 p.m., 67 views

Metasploit Wrap-Up

Azure Active Directory login scanner module Community contributor k0pak4 added a new login scanner module for Azure Active Directory. This module exploits a vulnerable authentication endpoint in order to enumerate usernames without generating log events. The error code returned by the endpoint ca...

CVSS 10 | AI score 8.1 | EPSS 0.99214
Exploits 16

Metasploit
added 2021/11/13 5:42 p.m., 1853 views

Jetty WEB-INF File Disclosure

Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions affected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, bu...

CVSS 5.3 | AI score 7.1 | EPSS 0.99298
Exploits 11

0day.today
added 2021/10/22 12:00 a.m., 556 views

Jetty 9.4.37.v20210219 - Information Disclosure Vulnerability

Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and 9.4.38.v20210224 Tested...

CVSS 5.3 | AI score 6.6 | EPSS 0.82371
Exploits 7

Packet Storm
added 2021/10/22 12:00 a.m., 638 views

Jetty 9.4.37.v20210219 Information Disclosure

Exploit Title: Jetty 9.4.37.v20210219 - Information Disclosure Date: 2021-10-21 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/ Version: 9.4.37.v20210219 and...

CVSS 5.3 | AI score 6.6 | EPSS 0.82371
Exploits 7

Tenable Nessus
added 2021/10/04 12:00 a.m., 598 views

Jetty < 9.4.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...

CVSS 7.8 | AI score 6.6 | EPSS 0.82371
Exploits 9 | References 6

Circl
added 2021/07/15 8:26 p.m., 11 views

CVE-2021-28164

creationtimestamp | type | source
---|---|---
2021-07-15 20:26:58+00:00 | seen | https://t.me/cibsecurity/26189
2021-09-02 09:51:47+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/491
2021-11-12 18:09:42+00:00 | seen |...

CVSS 5.3 | AI score 6.4 | EPSS 0.82371
Exploits 7 | References 4

Prion
added 2021/07/15 5:15 p.m., 53 views

Security feature bypass

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

CVSS 5 | AI score 6.1 | EPSS 0.99298
Exploits 11 | References 38 | Affected Software 12

Debian CVE
added 2021/07/15 5:00 p.m., 53 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

CVSS 5.3 | AI score 6 | EPSS 0.99298
Exploits 6

OpenVAS
added 2021/07/13 12:00 a.m., 38 views

openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:2005-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 6.7 | EPSS 0.82371
Exploits 11 | References 2

RedHat Linux
added 2021/07/12 12:12 p.m., 135 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.8.2 release and security update

Red Hat AMQ Broker 7.8.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 7.8 | AI score 6.7 | EPSS 0.82371
Exploits 10 | References 11

OPENSUSE Linux
added 2021/07/11 12:00 a.m., 110 views

Security update for jetty-minimal (important)

openSUSE Security Update: Security update for jetty-minimal Announcement ID: openSUSE-SU-2021:2005-1 Rating: important References: 1184366 1184367 1184368 1187117 Cross-References: CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVSS scores: CVE-2021-28163 NVD : 2.7...

CVSS 7.5 | AI score 7.6 | EPSS 0.82371
Exploits 11 | References 4

OpenVAS
added 2021/06/18 12:00 a.m., 27 views

SUSE: Security Advisory (SUSE-SU-2021:2005-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.2 | EPSS 0.82371
Exploits 11 | References 2

OSV
added 2021/06/17 4:04 p.m., 16 views

SUSE-SU-2021:2005-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc1184367, CVE-2021-28165 - jet...

CVSS 7.8 | AI score 4.9 | EPSS 0.82371
Exploits 11 | References 9

OpenVAS
added 2021/06/09 12:00 a.m., 29 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-v7ff-8wcx-gmc5) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

CVSS 5.3 | AI score 5.6 | EPSS 0.82371
Exploits 7 | References 1