CVE-2021-28163

Published Apr 1, 2021

Last updated a year ago

CVSS low 2.7

Overview

Description: In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
Source: emo@eclipse.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 2.7
Impact score: 1.4
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-59
emo@eclipse.org: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF634A17-7602-4D5A-B28C-A3D123D55BDD",
            "versionEndExcluding": "9.4.39",
            "versionStartIncluding": "9.4.32"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "334FAEF6-CEC6-445F-B52D-7FF38CDB9F79"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "129017B0-7465-4F75-8C30-B9A5DBC1DE9F"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F4E0D3-9709-4073-9DE0-F36CDD3DB62F"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DF6B532-FC1B-429A-B06F-0361ED12CB2E"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6AF5EF3-8153-4768-8771-13448DE625B5"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EC004C-0BE9-46E1-86AE-391B27C6AE79"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77A86E91-044C-44A0-9AD4-B4B2AD6723BC",
            "versionEndExcluding": "2.1.1"
          },
          {
            "criteria": "cpe:2.3:a:apache:solr:8.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42672AEA-5920-4951-ADCF-5D5AA4AB4A77"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF971916-C526-43A9-BD80-985BCC476569",
            "versionEndIncluding": "11.70.1",
            "versionStartIncluding": "11.0.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E"
          },
          {
            "criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5D73B53-9750-4844-A767-21F8A0CEE0B3",
            "versionStartIncluding": "9.6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B",
            "versionStartIncluding": "9.6"
          },
          {
            "criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF852A4C-7818-408D-A46B-2F4EE1AB8895",
            "versionStartIncluding": "9.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E419C70-9516-4C63-997B-60B20E30A30D",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8",
            "versionEndIncluding": "21.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References