Security for everyone

CVE-2021-28164 Scanner

Detects 'Information Disclosure' vulnerability in Eclipse Jetty affects v. from 9.4.37.v20210219 through 9.4.38.v20210224.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one


Parent Category

CVE-2021-28164 Scanner Detail

Eclipse Jetty is an open-source Java-based HTTP web serving and servlet engine that is often used in embedded and standalone Java applications as well as in several popular web frameworks. With its lightweight and modular structure, Jetty is capable of running a diverse range of web-based applications including real-time services, event-driven applications, and RESTful web services.

Recently, the CVE-2021-28164 vulnerability was discovered in versions of Jetty ranging from 9.4.37.v20210219 to 9.4.38.v20210224. In technical terms, this flaw is related to the default compliance mode in which requests with URIs containing %2e or %2e%2e segments are allowed to access protected resources within the WEB-INF directory. This allows attackers to exploit the vulnerability and retrieve sensitive information pertaining to the web application's implementation without permission or authentication.

If exploited, this vulnerability can lead to severe consequences such as unauthorized access to sensitive data, vulnerable application code, and misuse of web application functionalities. Additionally, malicious actors can cause server crashes and manipulate and corrupt data, leading to potential reputational and financial damage to both individuals and organizations.

At, customers can stay updated with the latest vulnerabilities and security threats through their pro features, which take into account each user's individual digital assets and provide ongoing assessment and analysis of potential risks. This feature allows customers to take proactive measures in safeguarding their digital assets and prevent malicious attacks such as the CVE-2021-28164 vulnerability.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture