10 matches found
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
jetty: Ambiguous paths can access WEB-INF
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
PT-2021-6553 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.37 through 9.4.42; Eclipse Jetty versions 10.0.1 through 10.0.5; Eclipse Jetty versions 11.0.1 through 11.0.5. Description: The issue allows an attacker to craft URIs using encoded characters to access the content of t...
OESA-2021-1249 jetty security update
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separat...
DEBIAN-CVE-2021-28169
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
Eclipse Jetty Security Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty versions 9.4.37.v20210219 through 9.4.38.v20210224, which stems from a default conformance mode that allows requests with URIs containing...
PT-2021-7921 · Atlassian · Fisheye/Crucible
Name of the Vulnerable Software and Affected Versions: Atlassian Fisheye & Crucible versions prior to 4.8.5. Description: The issue is related to an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory, allowing remote attackers to browse local files. This can lead to...
Atlassian Confluence Server and Confluence Data Center File Disclosure Vulnerability
Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia that can also be used to build an enterprise wiki. Confluence Data Center is the data center version of Confluence Center. A security vulnerability exists in...
PT-2009-1291 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.39; Apache Tomcat versions 5.5.0 through 5.5.27; Apache Tomcat versions 6.0.0 through 6.0.18. Description: The issue allows remote attackers to bypass intended access restrictions and conduct directory...