CVE-2021-34429

Published Jul 15, 2021

Last updated a year ago

CVSS medium 5.3

Overview

Description: For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Source: emo@eclipse.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other
emo@eclipse.org: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2",
            "versionEndExcluding": "9.4.43",
            "versionStartIncluding": "9.4.37"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6",
            "versionEndExcluding": "10.0.6",
            "versionStartIncluding": "10.0.1"
          },
          {
            "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC",
            "versionEndExcluding": "11.0.6",
            "versionStartIncluding": "11.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
            "versionEndIncluding": "11.70.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2"
          },
          {
            "criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA"
          },
          {
            "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E"
          },
          {
            "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAEB09CA-9352-43CD-AF66-92BE416E039C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
            "versionEndIncluding": "8.5.0.2",
            "versionStartIncluding": "8.0.0.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
            "versionEndExcluding": "22.1.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "847E8F6A-6115-4CCB-B16B-5DA8427958C4",
            "versionEndExcluding": "19.1.0.0.6.4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References