WEB APPLICATION VULNERABILITIES Standard & Premium

Jetty Information Disclosure (CVE-2021-34429)

Description

Due to a vulnerability in Jetty's URI normalization, an attacker can access protected resources of the web application.

Remediation

Upgrade to the latest version of Jetty

References

Related Vulnerabilities

WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)

WordPress Plugin JupiterX Core Multiple Vulnerabilities (2.0.6)

Apache Tomcat version older than 5.5.26

WordPress Plugin FV Flowplayer Video Player Multiple Vulnerabilities (7.3.14.727)

WordPress Plugin SL User Create Information Disclosure (0.2.4)

Severity

Medium

Classification

CVE-2021-34429 CVE-2021-28164 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration