Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2021-28163
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 4/10
- Exploit Score
- 8/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- Single
- Impact Score
- 2.9/10
- Confidentiality Impact
- Partial
- Availability Impact
- None
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- Low
- Base Score
- 2.7/10
- Exploit Score
- 1.2/10
- Access Vector
- Network
- Access Complexity
- Low
- Privileges Required
- High
- Impact Score
- 1.4/10
- Confidentiality Impact
- Low
- Availability Impact
- None
- Integrity Impact
- None
- Scope
- Unchanged
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* |
Yes
|
9.4.32 | 9.4.39 | |
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:* |
Yes
|
- | 2.1.1 | |
cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vs |
Yes
|
9.6 | - | |
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_d |
Yes
|
9.6 | - | |
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*: |
Yes
|
9.6 | - | |
cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere |
Yes
|
- | - | |
cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:* |
Yes
|
11.0.0 | - | |
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*: |
Yes
|
- | - | |
cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_managem |
Yes
|
- | - | |
cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:communications_session_report_manager:*:*:* |
Yes
|
8.0.0 | - | |
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*: |
Yes
|
8.0.0 | - | |
cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*: |
Yes
|
- | - | |
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
- https://security.netapp.com/advisory/ntap-20210611-0006/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f
- https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc
- https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb
- https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff477
- https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a
- https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22
- https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e90
- https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16
- https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca
- https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e
- https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b842358473
- https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476
- https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2
- https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11
- https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902
- https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd
- https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29ea