116 matches found
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty
Summary IBM Security Verify Governance is vulnerable to multiple security threats due to vulnarabilities in Eclipse Jetty CVE-2019-10247, CVE-2021-34428, CVE-2017-7656, CVE-2019-10241, CVE-2021-28169, CVE-2017-7657, CVE-2017-7658, CVE-2016-4800, CVE-2020-27223, CVE-2022-2047. The fixed version...
CVE-2022-29580
There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code...
Google Search 路径遍历漏洞
Google Search is an Internet search engine from Google, Inc. The Google Search application suffers from a path traversal vulnerability that stems from the misuse of its uri.getLastPathSegment resulting in a symbolically encoded string that can bypass the path logic to access an unintended directo...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
VulnCheck KEV: CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can...
Security Bulletin: IBM Tivoli Network Manager is vulnerable to information disclosure attacks due to vulnerabilities in Eclipse Jetty (CVE-2021-28169)
Summary Eclipse Jetty libraries jetty-io, jetty-client, jetty-http, jetty-util used by IBM Tivoli Network Manager, in versions = 9.4.40, = 10.0.2, = 11.0.2 , it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For...
PT-2022-15682 · Cybonet · Cybonet Pineapp Mail Relay
Name of the Vulnerable Software and Affected Versions: Cybonet PineApp Mail Relay affected versions not specified Description: The issue allows an attacker to send a request to the "/manage/mailpolicymtm/log/eml viewer/email.content.body.php" API endpoint with a filesystem path parameter set to a...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
The vulnerability of the XMPP Dino chat client, related to deficiencies in path name limitation, allows attackers to compromise data integrity.
The vulnerability of the XMPP Dino chat client is related to a bug in URI-encoded path separators. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
MGASA-2021-0401 Updated dino packages fix security vulnerability
Updated dino packages fix security vulnerability: Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal only for creation of new files via URI-encoded path separators CVE-2021-33896...
OESA-2021-1249 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content. Unlike separat...
CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
DEBIAN-CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
UBUNTU-CVE-2021-28169
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...