vulnerability
Amazon Linux AMI 2: CVE-2021-28169: Security patch for jetty (ALAS-2024-2408)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jun 9, 2021 | Jan 10, 2024 | Nov 26, 2024 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jun 9, 2021
Added
Jan 10, 2024
Modified
Nov 26, 2024
Description
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Solutions
amazon-linux-ami-2-upgrade-jetty-annotationsamazon-linux-ami-2-upgrade-jetty-antamazon-linux-ami-2-upgrade-jetty-clientamazon-linux-ami-2-upgrade-jetty-continuationamazon-linux-ami-2-upgrade-jetty-deployamazon-linux-ami-2-upgrade-jetty-httpamazon-linux-ami-2-upgrade-jetty-ioamazon-linux-ami-2-upgrade-jetty-jaasamazon-linux-ami-2-upgrade-jetty-jaspiamazon-linux-ami-2-upgrade-jetty-javadocamazon-linux-ami-2-upgrade-jetty-jmxamazon-linux-ami-2-upgrade-jetty-jndiamazon-linux-ami-2-upgrade-jetty-jspamazon-linux-ami-2-upgrade-jetty-jspc-maven-pluginamazon-linux-ami-2-upgrade-jetty-maven-pluginamazon-linux-ami-2-upgrade-jetty-monitoramazon-linux-ami-2-upgrade-jetty-plusamazon-linux-ami-2-upgrade-jetty-projectamazon-linux-ami-2-upgrade-jetty-proxyamazon-linux-ami-2-upgrade-jetty-rewriteamazon-linux-ami-2-upgrade-jetty-runneramazon-linux-ami-2-upgrade-jetty-securityamazon-linux-ami-2-upgrade-jetty-serveramazon-linux-ami-2-upgrade-jetty-servletamazon-linux-ami-2-upgrade-jetty-servletsamazon-linux-ami-2-upgrade-jetty-startamazon-linux-ami-2-upgrade-jetty-utilamazon-linux-ami-2-upgrade-jetty-util-ajaxamazon-linux-ami-2-upgrade-jetty-webappamazon-linux-ami-2-upgrade-jetty-websocket-apiamazon-linux-ami-2-upgrade-jetty-websocket-clientamazon-linux-ami-2-upgrade-jetty-websocket-commonamazon-linux-ami-2-upgrade-jetty-websocket-parentamazon-linux-ami-2-upgrade-jetty-websocket-serveramazon-linux-ami-2-upgrade-jetty-websocket-servletamazon-linux-ami-2-upgrade-jetty-xml
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.