Lucene search
K

239 matches found

RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.7 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS6.9AI score0.7848EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/10/18 5:45 p.m.7 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS6.9AI score0.7848EPSS
Exploits2References4
Atlassian
Atlassian
added 2021/10/07 12:6 p.m.28 views

Local File Dislocusure to Browse All Files in /atlassian-bamboo

This vulnerability affects certain versions of Atlassian Bamboo. Attacker can craft URL to browse all files inside /atlassian-bamboo at Bamboo installation folder, which includes files at WEB-INF folder...

6.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2021/10/07 12:6 p.m.33 views

Local File Dislocusure to Browse All Files in /atlassian-bamboo

This vulnerability affects certain versions of Atlassian Bamboo. Attacker can craft URL to browse all files inside /atlassian-bamboo at Bamboo installation folder, which includes files at WEB-INF folder...

4.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/10/04 12:0 a.m.599 views

Jetty < 9.4.39 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...

7.8CVSS6.6AI score0.82371EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2021/10/04 12:0 a.m.114 views

Jetty 10.0.x < 10.0.2 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.39, 10.0.x prior to 10.0.2 or 11.0.x prior to 11.0.2. It is, therefore, affected by multiple vulnerabilities: - An issue where CPU usage can reach 100% with a large invalid TLS...

7.8CVSS6.6AI score0.82371EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2021/10/04 12:0 a.m.849 views

Jetty < 9.4.41 Multiple Vulnerabilities

According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...

5.3CVSS5.7AI score0.7848EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.3 views

jetty: Ambiguous paths can access WEB-INF

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...

5.3CVSS7.4AI score0.82371EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.4 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3CVSS6.9AI score0.7848EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2021/09/30 9:57 a.m.4 views

jetty: crafted URIs allow bypassing security constraints

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.9AI score0.99298EPSS
Exploits6References4
Veracode
Veracode
added 2021/09/24 2:16 a.m.20 views

Directory Traversal

jms-core is vulnerable to directory traversal. Lack of secure handling of paths allows an attacker to traverse into the WEB-INF folder and read files...

7.5CVSS4.1AI score0.52926EPSS
Exploits6References8Affected Software1
OpenVAS
OpenVAS
added 2021/08/26 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2021:2838-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.5AI score0.99298EPSS
Exploits6References2
OSV
OSV
added 2021/08/25 10:34 a.m.12 views

OPENSUSE-SU-2021:2838-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. bsc1188438...

5.3CVSS6.2AI score0.99298EPSS
Exploits6References3
OSV
OSV
added 2021/08/25 10:34 a.m.13 views

SUSE-SU-2021:2838-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. bsc1188438...

5.3CVSS5.9AI score0.99298EPSS
Exploits6References3
RedHat Linux
RedHat Linux
added 2021/08/19 7:17 a.m.4 views

jetty: Ambiguous paths can access WEB-INF

In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...

5.3CVSS7.4AI score0.82371EPSS
Exploits7References5
seebug.org
seebug.org
added 2021/07/30 12:0 a.m.549 views

Jetty WEB-INF 信息泄露漏洞(CVE-2021-34428)

...

3.6CVSS1AI score0.00963EPSS
Exploits1
OSV
OSV
added 2021/07/19 3:15 p.m.8 views

GHSA-VJV5-GP2W-65VM Encoded URIs can access WEB-INF directory in Eclipse Jetty

Description URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Impact The default compliance mode allows requests with UR...

5.3CVSS6.7AI score0.99298EPSS
Exploits6References41
Veracode
Veracode
added 2021/07/16 6:32 a.m.44 views

Information Disclosure

jetty-http is vulnerable to information disclosure. Insecure parsing of encoded characters allow an attacker to bypass security constraints and potentially access private files within the WEB-INF directory...

5.3CVSS4.6AI score0.99298EPSS
Exploits6References71Affected Software2
OSV
OSV
added 2021/07/15 5:15 p.m.5 views

DEBIAN-CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.5AI score0.99298EPSS
Exploits6References1
OSV
OSV
added 2021/07/15 5:15 p.m.4 views

UBUNTU-CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

5.3CVSS6.8AI score0.99298EPSS
Exploits6References3
Rows per page
Query Builder