Lucene search
K

4 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.7 views

SUSE CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

5.9CVSS8.5AI score0.82371EPSS
Exploits7References6
Veracode
Veracode
added 2021/04/05 8:18 a.m.48 views

Information Disclosure

jetty-server is vulnerable to information disclosure. The URI normalisation in default compliance mode does not escape % encoded characters in the request metadata by common Servlet implementations, allowing access to sensitive resources within the WEB-INF directory via the use of URI with %2e or...

5.3CVSS4.4AI score0.82371EPSS
Exploits7References45Affected Software4
OSV
OSV
added 2021/04/01 3:15 p.m.6 views

DEBIAN-CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

5.3CVSS6.6AI score0.82371EPSS
Exploits7References1
Prion
Prion
added 2021/04/01 3:15 p.m.35 views

Design/Logic Flaw

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

5CVSS6AI score0.82371EPSS
Exploits7References25Affected Software10
Rows per page
Query Builder