Rapid7

Amazon Linux AMI 2: CVE-2021-34428: Security patch for jetty (Multiple Advisories)

Severity: 4
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:N)
Published: Jun 22, 2021
Added: May 14, 2025
Modified: May 20, 2026

Description

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Solutions

amazon-linux-ami-2-upgrade-jetty-annotations
amazon-linux-ami-2-upgrade-jetty-ant
amazon-linux-ami-2-upgrade-jetty-client
amazon-linux-ami-2-upgrade-jetty-continuation
amazon-linux-ami-2-upgrade-jetty-deploy
amazon-linux-ami-2-upgrade-jetty-http
amazon-linux-ami-2-upgrade-jetty-io
amazon-linux-ami-2-upgrade-jetty-jaas
amazon-linux-ami-2-upgrade-jetty-jaspi
amazon-linux-ami-2-upgrade-jetty-javadoc
amazon-linux-ami-2-upgrade-jetty-jmx
amazon-linux-ami-2-upgrade-jetty-jndi
amazon-linux-ami-2-upgrade-jetty-jsp
amazon-linux-ami-2-upgrade-jetty-jspc-maven-plugin
amazon-linux-ami-2-upgrade-jetty-maven-plugin
amazon-linux-ami-2-upgrade-jetty-monitor
amazon-linux-ami-2-upgrade-jetty-plus
amazon-linux-ami-2-upgrade-jetty-project
amazon-linux-ami-2-upgrade-jetty-proxy
amazon-linux-ami-2-upgrade-jetty-rewrite
amazon-linux-ami-2-upgrade-jetty-runner
amazon-linux-ami-2-upgrade-jetty-security
amazon-linux-ami-2-upgrade-jetty-server
amazon-linux-ami-2-upgrade-jetty-servlet
amazon-linux-ami-2-upgrade-jetty-servlets
amazon-linux-ami-2-upgrade-jetty-start
amazon-linux-ami-2-upgrade-jetty-util
amazon-linux-ami-2-upgrade-jetty-util-ajax
amazon-linux-ami-2-upgrade-jetty-webapp
amazon-linux-ami-2-upgrade-jetty-websocket-api
amazon-linux-ami-2-upgrade-jetty-websocket-client
amazon-linux-ami-2-upgrade-jetty-websocket-common
amazon-linux-ami-2-upgrade-jetty-websocket-parent
amazon-linux-ami-2-upgrade-jetty-websocket-server
amazon-linux-ami-2-upgrade-jetty-websocket-servlet
amazon-linux-ami-2-upgrade-jetty-xml