CVE-2021-28163
Published Apr 1, 2021
Last updated a year ago
Overview
- Description
- In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
- Source
- emo@eclipse.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 2.7
- Impact score
- 1.4
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF634A17-7602-4D5A-B28C-A3D123D55BDD",
"versionEndExcluding": "9.4.39",
"versionStartIncluding": "9.4.32"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "334FAEF6-CEC6-445F-B52D-7FF38CDB9F79"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "129017B0-7465-4F75-8C30-B9A5DBC1DE9F"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52F4E0D3-9709-4073-9DE0-F36CDD3DB62F"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5DF6B532-FC1B-429A-B06F-0361ED12CB2E"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6AF5EF3-8153-4768-8771-13448DE625B5"
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76EC004C-0BE9-46E1-86AE-391B27C6AE79"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77A86E91-044C-44A0-9AD4-B4B2AD6723BC",
"versionEndExcluding": "2.1.1"
},
{
"criteria": "cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "42672AEA-5920-4951-ADCF-5D5AA4AB4A77"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0.0"
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"vulnerable": true,
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
},
{
"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA"
},
{
"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E"
},
{
"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "D5D73B53-9750-4844-A767-21F8A0CEE0B3",
"versionStartIncluding": "9.6"
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B",
"versionStartIncluding": "9.6"
},
{
"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
"vulnerable": true,
"matchCriteriaId": "FF852A4C-7818-408D-A46B-2F4EE1AB8895",
"versionStartIncluding": "9.6"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4"
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0"
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC"
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1"
},
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C"
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1",
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E419C70-9516-4C63-997B-60B20E30A30D",
"versionEndIncluding": "8.2.4.0",
"versionStartIncluding": "8.0.0"
},
{
"criteria": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8",
"versionEndIncluding": "21.9"
}
],
"operator": "OR"
}
]
}
]