CVE-2021-28164

Scores

EPSS

0.935high93.5%

0%20%40%60%80%100%

Percentile: 93.5%

CVSS

5.3medium3.x

0246810

CVSS Score: 5.3/10

All CVSS Scores

CVSS 3.x

5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-200

Related Vulnerabilities

BDU:2022-05510

Exploits

Exploit ID: 50438

Source: exploitdb

URL: https://www.exploit-db.com/exploits/50438

Exploit ID: CVE-2021-28164

Source: github-poc

URL: https://github.com/jammy0903/-jettyCVE-2021-28164-

Vulnerable Software (29)

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu bionic 18.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu focal 20.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu groovy 20.10

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu hirsute 21.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu impish 21.10

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu kinetic 22.10

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu lunar 23.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: equinox-bundles

Operating System: ubuntu trusty 14.04

Trait:

{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: jetty9

Operating System: debian

Trait:

{  "fixed": "9.4.39-1"}

Source: debian

Type: Configuration

Product: jetty9

Operating System: debian buster 10

Trait:

{  "unaffected": true}

Source: debian

Type: Configuration

Product: jetty9

Operating System: debian stretch 9

Trait:

{  "unaffected": true}

Source: debian

Type: Configuration

Product: rh-eclipse-jetty

Operating System: rhel

Trait:

{  "fixed": "9.4.40-1.1.el7_9"}

Source: redhat

Type: Configuration

Vendor: *

Product: autovue_for_agile_product_lifecycle_management

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:or...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4",      "versionStartIncluding": "8.0.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",      "versionEndIncluding": "21.9",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: banking_apis

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:or...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4",      "versionStartIncluding": "8.0.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",      "versionEndIncluding": "21.9",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: banking_digital_experience

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:or...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4",      "versionStartIncluding": "8.0.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",      "versionEndIncluding": "21.9",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: cloud_manager

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.70.1",      "versionStartIncluding": "11.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: communications_session_route_manager

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:or...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",      "versionEndIncluding": "8.2.4",      "versionStartIncluding": "8.0.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",      "versionEndIncluding": "21.9",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: e-series_performance_analyzer

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.70.1",      "versionStartIncluding": "11.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: e-series_santricity_os_controller

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.70.1",      "versionStartIncluding": "11.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: e-series_santricity_web_services

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",      "versionEndIncluding": "11.70.1",      "versionStartIncluding": "11.0",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",      "versionStartIncluding": "9.6",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Russian Vulnerability Scanner Database

CVE-2021-28164

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

CWEs

Related Vulnerabilities

Exploits

Vulnerable Software (29)