CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 1CVE-2021-34428 – jetty: SessionListener can prevent a session from being invalidated breaking logout
https://notcve.org/view.php?id=CVE-2021-34428
22 Jun 2021 — For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versio... • https://github.com/Trinadh465/jetty_9.4.31_CVE-2021-34428 • CWE-613: Insufficient Session Expiration •
CVSS: 5.3EPSS: 93%CPEs: 20EXPL: 5CVE-2021-28164 – Jetty 9.4.37.v20210219 - Information Disclosure
https://notcve.org/view.php?id=CVE-2021-28164
01 Apr 2021 — In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones ... • https://packetstorm.news/files/id/180705 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •
CVSS: 7.8EPSS: 13%CPEs: 24EXPL: 3CVE-2021-28165 – jetty: Resource exhaustion when receiving an invalid large TLS frame
https://notcve.org/view.php?id=CVE-2021-28165
01 Apr 2021 — In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. En Eclipse Jetty versiones 7.2.2 hasta 9.4.38, versiones 10.0.0.alpha0 hasta 10.0.1 y versiones 11.0.0.alpha0 hasta 11.0.1, el uso de CPU puede alcanzar el 100% al recibir una gran trama TLS no válida. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is i... • https://github.com/uthrasri/CVE-2021-28165 • CWE-400: Uncontrolled Resource Consumption CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 4.0EPSS: 0%CPEs: 33EXPL: 1CVE-2021-28163 – jetty: Symlink directory exposes webapp directory contents
https://notcve.org/view.php?id=CVE-2021-28163
01 Apr 2021 — In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory. En Eclipse Jetty versiones 9.4.32 hasta 9.4.38, versiones 10.0.0.beta2 hasta 10.0.1 y versiones 11.0.0.beta2 hasta 11.0.1, si un usuario usa un directorio de aplicaciones web que es un enlace simbólico, el... • https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0CVE-2020-27218 – jetty: buffer not correctly recycled in Gzip Request inflation
https://notcve.org/view.php?id=CVE-2020-27218
28 Nov 2020 — In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the bo... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.0EPSS: 0%CPEs: 33EXPL: 2CVE-2020-27216 – jetty: local temporary directory hijacking vulnerability
https://notcve.org/view.php?id=CVE-2020-27216
23 Oct 2020 — In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack... • https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921 • CWE-377: Insecure Temporary File CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 4.3EPSS: 0%CPEs: 101EXPL: 0CVE-2020-9488 – log4j: improper validation of certificate with host mismatch in SMTP appender
https://notcve.org/view.php?id=CVE-2020-9488
27 Apr 2020 — Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 Validación incorrecta del certificado con desajuste de host en el apéndice SMTP de Apache Log4j. Esto podría permitir que una conexión SMTPS fuera interceptada por un ataque de tipo man-in-the-middle que podría filtrar cualquier mensaje de ... • https://issues.apache.org/jira/browse/LOG4J2-2819 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2020-11612 – netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
https://notcve.org/view.php?id=CVE-2020-11612
07 Apr 2020 — The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. El ZlibDecoders en Netty versiones 4.1.x anteriores a 4.1.46, permite una asignación de memoria ilimitada mientras decodifican un flujo de bytes de ZlibEncoded. Un atacante podría enviar una secuencia de bytes de ZlibEncoded grande hac... • https://github.com/netty/netty/compare/netty-4.1.45.Final...netty-4.1.46.Final • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 0CVE-2019-17531 – jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
https://notcve.org/view.php?id=CVE-2019-17531
12 Oct 2019 — A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9... • https://access.redhat.com/errata/RHSA-2019:4192 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •