For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
27 Oct 2022, 12:25
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
First Time |
Oracle autovue For Agile Product Lifecycle Management
Oracle stream Analytics Oracle financial Services Crime And Compliance Management Studio Oracle rest Data Services |
|
CPE | cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:* cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 18:02
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:* | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle retail Eftlink
|
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2022, 17:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:zookeeper:3.8.0:*:*:*:*:*:*:* |
01 Mar 2022, 19:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
First Time |
Oracle communications Diameter Signaling Router
Oracle Oracle communications Cloud Native Core Service Communication Proxy Oracle communications Cloud Native Core Security Edge Protection Proxy Oracle communications Cloud Native Core Binding Support Function Oracle communications Cloud Native Core Unified Data Repository |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Dec 2021, 20:02
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:apache:zookeeper:3.8.0:*:*:*:*:*:*:* | |
CWE | CWE-863 |
28 Oct 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2021, 12:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:apache:zookeeper:3.7.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:* cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210819-0006/ - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E - Mailing List, Third Party Advisory |
21 Sep 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Sep 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Aug 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Aug 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Aug 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Aug 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Aug 2021, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Aug 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Aug 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2021, 14:50
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* | |
CWE | CWE-200 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
15 Jul 2021, 17:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-15 17:15
Updated : 2022-10-27 12:25
NVD link : CVE-2021-34429
Mitre link : CVE-2021-34429
JSON object : View
Products Affected
netapp
- snap_creator_framework
- hci_management_node
- snapcenter_plug-in
- element_plug-in_for_vcenter_server
- e-series_santricity_web_services
- solidfire
- e-series_santricity_os_controller
oracle
- retail_eftlink
- communications_cloud_native_core_service_communication_proxy
- rest_data_services
- communications_diameter_signaling_router
- autovue_for_agile_product_lifecycle_management
- communications_cloud_native_core_security_edge_protection_proxy
- financial_services_crime_and_compliance_management_studio
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_unified_data_repository
- stream_analytics
eclipse
- jetty
CWE