what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2021-28164

Status Candidate

Overview

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

Related Files

Jetty WEB-INF File Disclosure
Posted Aug 31, 2024
Authored by h00die, Mayank Deshmukh, cangqingzhe, charlesk40, lachlan roberts | Site metasploit.com

Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions effected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, but web.xml is most likely to have information of value.

tags | exploit, web
advisories | CVE-2021-28164, CVE-2021-34429
SHA-256 | 8dfcee78eebf17abc7fd9c39192937639d93c646932d8c726dffcbafbedbf39b
Red Hat Security Advisory 2022-6407-01
Posted Sep 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6407-01 - A minor version update is now available for Red Hat Camel K that includes CVE fixes in the base images, which are documented in the Release Notes document linked in the References section. Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-27223, CVE-2020-36518, CVE-2020-9492, CVE-2021-20289, CVE-2021-22132, CVE-2021-22137, CVE-2021-2471, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-3520, CVE-2021-3629, CVE-2021-37714, CVE-2021-38153
SHA-256 | cc86bb2ed063a9b8609ef6960b486d0a7bff3be7ef9e7f5716ccc3523480f3ed
Red Hat Security Advisory 2021-4767-01
Posted Nov 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4767-01 - This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, deserialization, information leakage, resource exhaustion, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13936, CVE-2020-14326, CVE-2020-26217, CVE-2020-26258, CVE-2020-26259, CVE-2020-27218, CVE-2020-27223, CVE-2020-28052, CVE-2020-28491, CVE-2021-20289, CVE-2021-20328, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351, CVE-2021-27568, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165
SHA-256 | 9dff15e298c722ad84d5f39cb4d850c04124d91986161bb1afd605f4e69d1c9d
Jetty 9.4.37.v20210219 Information Disclosure
Posted Oct 22, 2021
Authored by Mayank Deshmukh

Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-28164
SHA-256 | 2db5d62005c6515d8366be3e8c08c4df222e8620470f674dec2932c545737167
Red Hat Security Advisory 2021-3700-01
Posted Sep 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3700-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2020-27223, CVE-2021-20289, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28169, CVE-2021-29425, CVE-2021-3425, CVE-2021-34428, CVE-2021-34429, CVE-2021-3763
SHA-256 | a8a12dcc50fccbe685347bca1c58d45fbfe797cf6ab2e35bef81923f2d3fef9b
Red Hat Security Advisory 2021-3225-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3225-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.8.0 serves as a replacement for Red Hat AMQ Streams 1.7.0, and includes security and bug fixes, and enhancements. Issues addressed include information leakage, resource exhaustion, and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2017-18640, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-27568, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-28168, CVE-2021-28169, CVE-2021-29425, CVE-2021-34428
SHA-256 | f799cc6edbac4d0b98864f1662ed210d6e06f745c7ff0e79f347ad596baa1447
Red Hat Security Advisory 2021-2689-01
Posted Jul 13, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2689-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.8.2 serves as a replacement for Red Hat AMQ Broker 7.8.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include denial of service, information leakage, and resource exhaustion vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2020-27223, CVE-2021-21290, CVE-2021-21295, CVE-2021-21409, CVE-2021-28163, CVE-2021-28164, CVE-2021-28165, CVE-2021-3425
SHA-256 | 797ae866913245376a53ab9b2027c144a57e156f08fb0901e02b9cb20c189fda
Red Hat Security Advisory 2021-1560-01
Posted May 14, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1560-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.6.4 serves as a replacement for Red Hat AMQ Streams 1.6.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include a resource exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-28163, CVE-2021-28164, CVE-2021-28165
SHA-256 | 2ff7911ad453047cb62a6be2eef0f5b3914da0931d3a67bc77cbf2ba4e925c8e
Red Hat Security Advisory 2021-1509-01
Posted May 6, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1509-01 - Jetty is a 100% Java HTTP Server and Servlet Container. Issues addressed include a resource exhaustion vulnerability.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2021-28163, CVE-2021-28164, CVE-2021-28165
SHA-256 | ba197d4fd14d678de290d2c037600d71497d1ff98c747ea93d15d1d0dc493336
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close