Security for everyone

CVE-2021-28164 Scanner

Detects the 'Information Disclosure' vulnerability in Eclipse Jetty, which affects versions 9.4.37.v20210219 through 9.4.38.v20210224.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url

Parent Category

CVE-2021-28164 Scanner Detail

Eclipse Jetty is an open-source Java-based HTTP web serving and servlet engine that is often used in embedded and standalone Java applications as well as in several popular web frameworks. With its lightweight and modular structure, Jetty is capable of running a diverse range of web-based applications including real-time services, event-driven applications, and RESTful web services.

The CVE-2021-28164 vulnerability was discovered in Jetty versions 9.4.37.v20210219 through 9.4.38.v20210224. In the default compliance mode of these versions, requests whose URIs contain %2e or %2e%2e segments are allowed to access protected resources within the WEB-INF directory. An attacker can use this to retrieve sensitive information about the web application's implementation without permission or authentication.

If exploited, this vulnerability can lead to severe consequences such as unauthorized access to sensitive data, vulnerable application code, and misuse of web application functionalities. Additionally, malicious actors can cause server crashes and manipulate and corrupt data, leading to potential reputational and financial damage to both individuals and organizations.
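For asset owners who want to check their own access logs for the request pattern described above, the following is an added example (not part of the original page and not Jetty's or the scanner's code). It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line and status code inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A path segment that is "." or ".." with at least one dot percent-encoded.
ENCODED_DOT_RE = re.compile(r"^(?:%2e|\.%2e|%2e\.|%2e%2e)$", re.IGNORECASE)


def classify_request(target):
    """Return (has_encoded_dot_segment, resolves_under_web_inf) for a request target."""
    raw_path = target.split("?", 1)[0]
    encoded_dot = any(ENCODED_DOT_RE.match(seg) for seg in raw_path.split("/"))
    # Decode once and collapse dot segments to see which resource the path names.
    resolved = posixpath.normpath(unquote(raw_path)).lower()
    return encoded_dot, "web-inf" in resolved.split("/")


def find_suspect_requests(log_lines):
    """List requests that reach WEB-INF by way of an encoded dot segment."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        encoded_dot, under_web_inf = classify_request(match.group("target"))
        if encoded_dot and under_web_inf:
            status = int(match.group("status"))
            # 200 means content was returned and needs review; 4xx means it was refused.
            findings.append({"target": match.group("target"),
                             "status": status, "served": status == 200})
    return findings


# Constructed sample log lines (illustrative, not taken from the page).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Apr/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Apr/2021:10:00:01 +0000] "GET /WEB-INF/web.xml HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Apr/2021:10:00:02 +0000] "GET /%2e/WEB-INF/web.xml HTTP/1.1" 200 1843',
    '203.0.113.5 - - [01/Apr/2021:10:00:03 +0000] "GET /static/%2E%2E/WEB-INF/web.xml HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Apr/2021:10:00:04 +0000] "GET /docs/%2e/guide.html HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_LOG):
        print(finding)
```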

At SecurityForEveryone.com, customers can stay updated with the latest vulnerabilities and security threats through their pro features, which take into account each user's individual digital assets and provide ongoing assessment and analysis of potential risks. This feature allows customers to take proactive measures in safeguarding their digital assets and prevent malicious attacks such as the CVE-2021-28164 vulnerability.

 
