
CVE-2021-28169 Scanner

Detects the information disclosure vulnerability CVE-2021-28169 in Eclipse Jetty, which affects versions <= 9.4.40, <= 10.0.2 and <= 11.0.2.


Short Info

Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Parent Category

CVE-2021-28169 Scanner Detail

Eclipse Jetty is a popular Java-based web server and servlet container used for serving dynamic content. It is commonly used in embedded applications, web services, and small websites. Its lightweight and flexible nature makes it a cost-effective way to deploy Java-based applications. The software has gained wide popularity for its strong support for the Servlet 3.1, JSP 2.3, WebSocket, OSGi, and JMX standards.

Recently, Eclipse Jetty has been found to contain a severe vulnerability tracked as CVE-2021-28169. It affects Jetty versions up to and including 9.4.40, 10.0.2, and 11.0.2. The issue arises when a request with a doubly encoded path is sent to the ConcatServlet, which can expose sensitive information held in the WEB-INF directory. An attacker can leverage this vulnerability to gain unauthorized access to confidential system files, retrieve sensitive information such as usernames, passwords, and other credentials, and even inject malicious code into the web application.
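As an added example (not part of this scanner page or of Jetty itself), the following Python check turns the mechanism just described into a detection over constructed access-log lines: it URL-decodes each request target repeatedly and reports requests where a WEB-INF segment (META-INF is an assumed addition) becomes visible only after decoding, so the doubly encoded form surfaces at round 2.

```python
import re
from urllib.parse import unquote

# Directory segments that must never be served. The page names WEB-INF;
# META-INF is an addition assumed by this example.
PROTECTED_RE = re.compile(r"(?:^|/)(?:WEB-INF|META-INF)(?:/|$)", re.IGNORECASE)
# Request line inside an NCSA/combined access-log entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_rounds(target, max_rounds=4):
    """Yield (round, form): raw target, then each URL-decoded form, bounded."""
    form = target
    for rounds in range(max_rounds + 1):
        yield rounds, form
        nxt = unquote(form)
        if nxt == form:
            return
        form = nxt

def encoded_protected_access(target):
    """Return (rounds, decoded_form) for the first decode round at which a
    protected segment appears, or None. 0 = named in the clear (ordinary
    servlet path rules block that), 1 = single encoding, 2 = doubly encoded."""
    for rounds, form in decode_rounds(target):
        if PROTECTED_RE.search(form):
            return rounds, form
    return None

def scan_access_log(lines):
    """Return (line_no, rounds, decoded_target) for each request whose target
    names a protected directory only after one or more decode rounds."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        found = encoded_protected_access(m.group("target"))
        if found and found[0] >= 1:
            hits.append((n, found[0], found[1]))
    return hits

# Constructed sample log (192.0.2.0/24 is a documentation range). Line 5 is
# "WEB-INF" percent-encoded twice, so it only becomes visible at round 2.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jun/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.10 - - [10/Jun/2021:12:00:02 +0000] "GET /concat?/js/a.js&/js/b.js HTTP/1.1" 200 2048
192.0.2.11 - - [10/Jun/2021:12:00:03 +0000] "GET /WEB-INF/web.xml HTTP/1.1" 404 0
192.0.2.11 - - [10/Jun/2021:12:00:04 +0000] "GET /concat?/%57EB-INF/web.xml HTTP/1.1" 404 0
192.0.2.11 - - [10/Jun/2021:12:00:05 +0000] "GET /concat?/%2557%2545%2542-%2549%254E%2546/web.xml HTTP/1.1" 200 1337
""".splitlines()
```

Running `scan_access_log(SAMPLE_LOG)` reports lines 4 and 5 only; the clear-text WEB-INF request on line 3 is left to the normal servlet path rules. The same decode-until-stable check is what a hardened ConcatServlet-style path filter should apply before serving anything.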

When exploited, the CVE-2021-28169 vulnerability allows an attacker to bypass authentication mechanisms, compromise user data, and take control of the web application. Since the WEB-INF folder contains critical files needed for the proper functioning of a web application, an attacker can steal data stored in the database, access configuration files, or execute arbitrary code on the server. The consequences can be catastrophic for companies, as they can suffer a significant loss of sensitive data, reputation, and revenue.

Thanks to the pro features offered by securityforeveryone.com, you can easily and quickly identify vulnerabilities in your digital assets. It offers automated scanning of web applications, technologies, and APIs and produces detailed reports of vulnerabilities and attack paths. This tool helps you stay ahead of the threat landscape and take proactive steps in securing your web applications. Consider investing in securityforeveryone.com to enhance your web application security posture and prevent the exploitation of critical vulnerabilities like CVE-2021-28169.
