Eclipse Jetty - Information Disclosure CVE-2021-34429

Severity
CVSSv3 Score: 5.3
Vulnerability description

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

Risk description

No risk description to display.

Recommendation

Apply the latest security patches or updates provided by the vendor to fix the information disclosure vulnerability in Eclipse Jetty.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jul 15, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available