CVE-2021-34428

Published Jun 22, 2021

Last updated a year ago

CVSS low 3.5

Overview

Description: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.
Source: emo@eclipse.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 3.5
Impact score: 2.5
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-613
emo@eclipse.org: CWE-613

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64EFBA84-EBA2-4A59-8739-D87727D15B61",
            "versionEndIncluding": "9.4.40"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06C9A6EF-7194-4518-8460-47A0B712CA01",
            "versionEndIncluding": "10.0.2",
            "versionStartIncluding": "10.0.0"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4322454D-BEA1-4271-9622-7AD43CC126C9",
            "versionEndIncluding": "11.0.2",
            "versionStartIncluding": "11.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
            "versionEndIncluding": "11.70.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA"
          },
          {
            "criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EEAA04-A7BD-4FFF-8B0B-CEE5EC09F75C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F80CB000-C477-486C-838C-B2FE82647670",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E419C70-9516-4C63-997B-60B20E30A30D",
            "versionEndIncluding": "8.2.4.0",
            "versionStartIncluding": "8.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C134E13-D6B8-4F28-9EF0-C12BF8A380CF",
            "versionEndExcluding": "21.3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8",
            "versionEndIncluding": "21.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References