7 matches found

Amazon
added 2024/01/09 12:0 a.m., 2 views

Medium: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...

5.3 CVSS, 6.6 AI score, 0.9026 EPSS
Exploits: 2
RedHat Linux
added 2021/10/18 5:45 p.m., 3 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3 CVSS, 6.9 AI score, 0.9026 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2021/09/30 9:57 a.m., 1 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3 CVSS, 6.9 AI score, 0.9026 EPSS
Exploits: 2, References: 4
RedHat Linux
added 2021/08/19 7:17 a.m., 1 views

jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

5.3 CVSS, 6.9 AI score, 0.9026 EPSS
Exploits: 2, References: 4
OSV
added 2021/07/03 11:3 a.m., 1 views

OESA-2021-1249 jetty security update

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separat...

5.3 CVSS, 6.5 AI score, 0.9026 EPSS
Exploits: 2, References: 2
OSV
added 2021/06/10 3:43 p.m., 6 views

GHSA-GWCR-J4WH-J3CQ Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability

Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...

5.3 CVSS, 6.8 AI score, 0.9026 EPSS
Exploits: 2, References: 26
CNNVD
added 2021/06/09 12:0 a.m., 1 views

Eclipse Jetty Security Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that originates from accessing protected resources in the WEB-INF directory via a doubly encoded path in a request to the ConcatServlet. The...

5.3 CVSS, 7.3 AI score, 0.9026 EPSS
Exploits: 2, References: 54