Lucene search
K

22 matches found

Broadcom
Broadcom
added 2024/05/01 12:0 a.m.14 views

Statement on Jetty vulnerabilities in Brocade SANav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

9.4CVSS5.8AI score0.99298EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/15 1:35 p.m.59 views

Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Analytic Accelerator Framework for Communication Service Providers & IBM Customer and Network Analytics

Summary Eclipse Jetty is used in the solution's microservices bis, auth, analytics, cna as the engine of the HTTP server, underpinning APIs and UI. Several CVEs were found in the version used. These vulnerabilities are addressed. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jet...

7.8CVSS6.5AI score0.99298EPSS
Exploits16Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2023/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.7AI score0.99298EPSS
Exploits11References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/17 1:12 p.m.45 views

Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Eclipse Jetty

Summary IBM Sterilng B2B Integrator has addressed multiple security vulnerabilities in Eclipse Jetty. Vulnerability Details CVEID:CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

5.3CVSS5.5AI score0.99298EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 8:34 p.m.157 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect Rational Service Tester (CVE-2021-28169, CVE-2021-34428, CVE-2021-28163, CVE-2021-28164, CVE-2021-34429, CVE-2021-28165)

Summary There are vulnerabilities in Eclipse Jetty that affect Rational Service Tester. Rational Service Tester has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw ...

7.8CVSS6.4AI score0.99298EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/29 5:38 p.m.70 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues due to Eclipse Jetty

Summary Eclipse Jetty has reported multiple vulnerabilities. IBM Sterling Secure Proxy has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw i...

7.5CVSS6.9AI score0.99298EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/29 6:27 a.m.79 views

Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester

Summary There are multiple vulnerabilities in Eclipse Jetty used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-28169 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, cause...

7.8CVSS7.2AI score0.99298EPSS
Exploits16Affected Software1
RedHat Linux
RedHat Linux
added 2022/01/13 3:25 p.m.147 views

Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.0.0 release and security update

Red Hat AMQ Streams 2.0.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9CVSS7.8AI score0.99977EPSS
Exploits48References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/17 5:19 p.m.55 views

Security Bulletin: IBM MQ is vulnerable to multiple Jetty vulnerabilities (CVE-2021-34428, CVE-2021-34429, CVE-2021-28169)

Summary Multiple issues were identified in Eclipse Jetty that IBM MQ Explorer uses and is affected by. Vulnerability Details CVEID: CVE-2021-34428 DESCRIPTION: Eclipse Jetty could allow a physical attacker to bypass security restrictions, caused by a session ID is not invalidated flaw when an...

5.3CVSS5.3AI score0.99298EPSS
Exploits9Affected Software1
Metasploit
Metasploit
added 2021/11/13 5:42 p.m.1856 views

Jetty WEB-INF File Disclosure

Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions effected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, bu...

5.3CVSS7.1AI score0.99298EPSS
Exploits11
0day.today
0day.today
added 2021/11/03 12:0 a.m.218 views

Eclipse Jetty 11.0.5 - Sensitive File Disclosure Vulnerability

Exploit Title: Eclipse Jetty 11.0.5 - Sensitive File Disclosure Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.eclipse.org/jetty/ Software Link: https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/ Version: 9.4.37 ≤ version ColdFusionX - Web Application...

5.3CVSS6.7AI score0.99298EPSS
Exploits6
OpenVAS
OpenVAS
added 2021/08/26 12:0 a.m.24 views

openSUSE: Security Advisory for jetty-minimal (openSUSE-SU-2021:2838-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.3CVSS5.8AI score0.99298EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2021/08/26 12:0 a.m.40 views

SUSE SLED15: jetty-http / jetty-io / jetty-security / jetty-server / etc (SUSE-SU-2021:2838-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2838-1 advisory. - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF...

5.3CVSS6.7AI score0.99298EPSS
Exploits6References4
OSV
OSV
added 2021/08/25 10:34 a.m.11 views

OPENSUSE-SU-2021:2838-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. bsc1188438...

5.3CVSS6.2AI score0.99298EPSS
Exploits6References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/08/25 12:0 a.m.52 views

Security update for jetty-minimal (moderate)

openSUSE Security Update: Security update for jetty-minimal Announcement ID: openSUSE-SU-2021:2838-1 Rating: moderate References: 1188438 Cross-References: CVE-2021-34429 CVSS scores: CVE-2021-34429 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-34429 SUSE: 6.5...

6.5CVSS6.7AI score0.99298EPSS
Exploits6References1
OpenVAS
OpenVAS
added 2021/07/16 12:0 a.m.42 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-vjv5-gp2w-65vm) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

5.9AI score
Exploits0References1
OpenVAS
OpenVAS
added 2021/07/16 12:0 a.m.33 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-vjv5-gp2w-65vm) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

5.9AI score
Exploits0References1
Circl
Circl
added 2021/07/15 8:26 p.m.15 views

CVE-2021-34429

creationtimestamp| type| source ---|---|--- 2021-07-15 20:26:58+00:00| seen| https://t.me/cibsecurity/26189 2021-11-03 09:15:34+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/796 2021-11-12 18:09:42+00:00| seen|...

5.3CVSS6.5AI score0.99298EPSS
Exploits6References4
UbuntuCve
UbuntuCve
added 2021/07/15 5:15 p.m.131 views

CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.8AI score0.99298EPSS
Exploits6References2
CVE
CVE
added 2021/07/15 5:0 p.m.393 views

CVE-2021-34429

CVE-2021-34429 affects Eclipse Jetty: 9.4.37–9.4.42, 10.0.1–10.0.5, and 11.0.1–11.0.5. A vulnerability allows crafting certain encoded URIs to access WEB-INF content and bypass some security constraints, constituting a variation of CVE-2021-28164. Public references in connected docs describe this...

5.3CVSS5.4AI score0.99298EPSS
Exploits6References38Affected Software1
Rows per page
Query Builder