Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p7cu-h519-83hx
Summary
Authorization Before Parsing and Canonicalization in jetty
Release 9.4.37 introduced a more precise implementation of [RFC3986](https://tools.ietf.org/html/rfc3986#section-3.3) with regard to URI decoding, together with some new compliance modes that optionally allow support for some URIs that may have ambiguous interpretations within the behaviours of the Servlet-specified API methods. The default mode allowed percent-encoded `.` characters to be excluded from URI normalisation, which is correct by the RFC, but is not assumed by common Servlet implementations. The default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the `WEB-INF` directory. For example, a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application. As a workaround, the HttpCompliance mode `RFC7230_NO_AMBIGUOUS_URIS` can be enabled by updating `start.d/http.ini` to include: `jetty.http.compliance=RFC7230_NO_AMBIGUOUS_URIS`.
Aliases
0
alias CVE-2021-28164
1
alias GHSA-v7ff-8wcx-gmc5
Fixed_packages
0
url pkg:deb/debian/jetty9@9.4.39-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.39-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.39-1%3Fdistro=trixie
1
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2
purl pkg:deb/debian/jetty9@9.4.50-4%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ejr-3tea-kydr
1
vulnerability VCID-gdcf-9axf-1yaq
2
vulnerability VCID-gq93-ctd4-aqbp
3
vulnerability VCID-kx4x-gnk4-yugu
4
vulnerability VCID-memq-11qz-9qem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.50-4%252Bdeb11u2
3
url pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb12u1%3Fdistro=trixie
4
url pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.57-1.1~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-1%3Fdistro=trixie
6
url pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
purl pkg:deb/debian/jetty9@9.4.58-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.58-2%3Fdistro=trixie
7
url pkg:maven/org.eclipse.jetty/jetty-client@9.4.38.v20210224
purl pkg:maven/org.eclipse.jetty/jetty-client@9.4.38.v20210224
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-kxtv-ma18-8fer
2
vulnerability VCID-prd3-mmuv-n3dc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-client@9.4.38.v20210224
8
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.38.v20210224
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.38.v20210224
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2k3p-x56s-ffgr
1
vulnerability VCID-e1r9-bbdh-qqf6
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-prd3-mmuv-n3dc
4
vulnerability VCID-q3k2-1x5q-buhy
5
vulnerability VCID-tqm9-4ch7-s7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.38.v20210224
9
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.38.v20210224
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.38.v20210224
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-kx4x-gnk4-yugu
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-prd3-mmuv-n3dc
4
vulnerability VCID-q35p-8qhp-aqec
5
vulnerability VCID-q3k2-1x5q-buhy
6
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.38.v20210224
10
url pkg:maven/org.eclipse.jetty/jetty-util@9.4.38.v20210224
purl pkg:maven/org.eclipse.jetty/jetty-util@9.4.38.v20210224
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxtv-ma18-8fer
1
vulnerability VCID-prd3-mmuv-n3dc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-util@9.4.38.v20210224
11
url pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38.v20210224
purl pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38.v20210224
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3f6t-fkt7-wub9
1
vulnerability VCID-9xw3-4a4u-hbbb
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-q3k2-1x5q-buhy
4
vulnerability VCID-rpc4-u4aq-4qde
5
vulnerability VCID-thpu-76e5-j3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38.v20210224
Affected_packages
0
url pkg:deb/debian/jetty9@9.2.21-1~bpo8%2B1
purl pkg:deb/debian/jetty9@9.2.21-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12gq-ezut-ckhz
1
vulnerability VCID-1ejr-3tea-kydr
2
vulnerability VCID-3f6t-fkt7-wub9
3
vulnerability VCID-5781-s1ny-q7ey
4
vulnerability VCID-5qhm-ase5-5qhy
5
vulnerability VCID-9xw3-4a4u-hbbb
6
vulnerability VCID-ahev-zdjd-gqg1
7
vulnerability VCID-czhb-gqt2-17av
8
vulnerability VCID-dvyn-8phs-a3a6
9
vulnerability VCID-dznb-x27e-kqan
10
vulnerability VCID-g3ff-brt6-vkeh
11
vulnerability VCID-gdcf-9axf-1yaq
12
vulnerability VCID-gq93-ctd4-aqbp
13
vulnerability VCID-kvqz-fppe-d7fe
14
vulnerability VCID-kx4x-gnk4-yugu
15
vulnerability VCID-kxtv-ma18-8fer
16
vulnerability VCID-memq-11qz-9qem
17
vulnerability VCID-nubz-xqaw-tkfr
18
vulnerability VCID-nyxu-ekhs-gyb5
19
vulnerability VCID-p7cu-h519-83hx
20
vulnerability VCID-prd3-mmuv-n3dc
21
vulnerability VCID-q35p-8qhp-aqec
22
vulnerability VCID-q3k2-1x5q-buhy
23
vulnerability VCID-rpc4-u4aq-4qde
24
vulnerability VCID-sw3q-jzqx-dkbn
25
vulnerability VCID-thpu-76e5-j3d3
26
vulnerability VCID-tqm9-4ch7-s7b3
27
vulnerability VCID-u2b5-uyd6-fbh9
28
vulnerability VCID-uuju-ey95-tyfq
29
vulnerability VCID-y3mv-vmwd-tydt
30
vulnerability VCID-ypc7-f1nd-t7gn
31
vulnerability VCID-zdt8-jrn2-m3ff
32
vulnerability VCID-znv6-77jf-v3gu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.2.21-1~bpo8%252B1
1
url pkg:deb/debian/jetty9@9.2.21-1%2Bdeb9u1
purl pkg:deb/debian/jetty9@9.2.21-1%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12gq-ezut-ckhz
1
vulnerability VCID-1ejr-3tea-kydr
2
vulnerability VCID-3f6t-fkt7-wub9
3
vulnerability VCID-5781-s1ny-q7ey
4
vulnerability VCID-5qhm-ase5-5qhy
5
vulnerability VCID-9xw3-4a4u-hbbb
6
vulnerability VCID-ahev-zdjd-gqg1
7
vulnerability VCID-czhb-gqt2-17av
8
vulnerability VCID-dvyn-8phs-a3a6
9
vulnerability VCID-dznb-x27e-kqan
10
vulnerability VCID-g3ff-brt6-vkeh
11
vulnerability VCID-gdcf-9axf-1yaq
12
vulnerability VCID-gq93-ctd4-aqbp
13
vulnerability VCID-kvqz-fppe-d7fe
14
vulnerability VCID-kx4x-gnk4-yugu
15
vulnerability VCID-kxtv-ma18-8fer
16
vulnerability VCID-memq-11qz-9qem
17
vulnerability VCID-nubz-xqaw-tkfr
18
vulnerability VCID-nyxu-ekhs-gyb5
19
vulnerability VCID-p7cu-h519-83hx
20
vulnerability VCID-prd3-mmuv-n3dc
21
vulnerability VCID-q35p-8qhp-aqec
22
vulnerability VCID-q3k2-1x5q-buhy
23
vulnerability VCID-rpc4-u4aq-4qde
24
vulnerability VCID-sw3q-jzqx-dkbn
25
vulnerability VCID-thpu-76e5-j3d3
26
vulnerability VCID-tqm9-4ch7-s7b3
27
vulnerability VCID-u2b5-uyd6-fbh9
28
vulnerability VCID-uuju-ey95-tyfq
29
vulnerability VCID-y3mv-vmwd-tydt
30
vulnerability VCID-ypc7-f1nd-t7gn
31
vulnerability VCID-zdt8-jrn2-m3ff
32
vulnerability VCID-znv6-77jf-v3gu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.2.21-1%252Bdeb9u1
2
url pkg:deb/debian/jetty9@9.2.23-1~bpo8%2B1
purl pkg:deb/debian/jetty9@9.2.23-1~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12gq-ezut-ckhz
1
vulnerability VCID-1ejr-3tea-kydr
2
vulnerability VCID-3f6t-fkt7-wub9
3
vulnerability VCID-5781-s1ny-q7ey
4
vulnerability VCID-5qhm-ase5-5qhy
5
vulnerability VCID-9xw3-4a4u-hbbb
6
vulnerability VCID-ahev-zdjd-gqg1
7
vulnerability VCID-czhb-gqt2-17av
8
vulnerability VCID-dvyn-8phs-a3a6
9
vulnerability VCID-g3ff-brt6-vkeh
10
vulnerability VCID-gdcf-9axf-1yaq
11
vulnerability VCID-gq93-ctd4-aqbp
12
vulnerability VCID-kvqz-fppe-d7fe
13
vulnerability VCID-kx4x-gnk4-yugu
14
vulnerability VCID-kxtv-ma18-8fer
15
vulnerability VCID-memq-11qz-9qem
16
vulnerability VCID-nubz-xqaw-tkfr
17
vulnerability VCID-nyxu-ekhs-gyb5
18
vulnerability VCID-p7cu-h519-83hx
19
vulnerability VCID-prd3-mmuv-n3dc
20
vulnerability VCID-q35p-8qhp-aqec
21
vulnerability VCID-q3k2-1x5q-buhy
22
vulnerability VCID-rpc4-u4aq-4qde
23
vulnerability VCID-sw3q-jzqx-dkbn
24
vulnerability VCID-thpu-76e5-j3d3
25
vulnerability VCID-tqm9-4ch7-s7b3
26
vulnerability VCID-u2b5-uyd6-fbh9
27
vulnerability VCID-uuju-ey95-tyfq
28
vulnerability VCID-y3mv-vmwd-tydt
29
vulnerability VCID-ypc7-f1nd-t7gn
30
vulnerability VCID-zdt8-jrn2-m3ff
31
vulnerability VCID-znv6-77jf-v3gu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.2.23-1~bpo8%252B1
3
url pkg:deb/debian/jetty9@9.4.16-0%2Bdeb10u1
purl pkg:deb/debian/jetty9@9.4.16-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ejr-3tea-kydr
1
vulnerability VCID-3f6t-fkt7-wub9
2
vulnerability VCID-5781-s1ny-q7ey
3
vulnerability VCID-5qhm-ase5-5qhy
4
vulnerability VCID-9xw3-4a4u-hbbb
5
vulnerability VCID-ahev-zdjd-gqg1
6
vulnerability VCID-czhb-gqt2-17av
7
vulnerability VCID-dvyn-8phs-a3a6
8
vulnerability VCID-g3ff-brt6-vkeh
9
vulnerability VCID-gdcf-9axf-1yaq
10
vulnerability VCID-gq93-ctd4-aqbp
11
vulnerability VCID-kx4x-gnk4-yugu
12
vulnerability VCID-kxtv-ma18-8fer
13
vulnerability VCID-memq-11qz-9qem
14
vulnerability VCID-nubz-xqaw-tkfr
15
vulnerability VCID-nyxu-ekhs-gyb5
16
vulnerability VCID-p7cu-h519-83hx
17
vulnerability VCID-prd3-mmuv-n3dc
18
vulnerability VCID-q35p-8qhp-aqec
19
vulnerability VCID-q3k2-1x5q-buhy
20
vulnerability VCID-rpc4-u4aq-4qde
21
vulnerability VCID-sw3q-jzqx-dkbn
22
vulnerability VCID-thpu-76e5-j3d3
23
vulnerability VCID-tqm9-4ch7-s7b3
24
vulnerability VCID-uuju-ey95-tyfq
25
vulnerability VCID-y3mv-vmwd-tydt
26
vulnerability VCID-ypc7-f1nd-t7gn
27
vulnerability VCID-zdt8-jrn2-m3ff
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/jetty9@9.4.16-0%252Bdeb10u1
4
url pkg:maven/org.eclipse.jetty/jetty-client@9.4.37
purl pkg:maven/org.eclipse.jetty/jetty-client@9.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-client@9.4.37
5
url pkg:maven/org.eclipse.jetty/jetty-client@9.4.37.v20210219
purl pkg:maven/org.eclipse.jetty/jetty-client@9.4.37.v20210219
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-kxtv-ma18-8fer
2
vulnerability VCID-p7cu-h519-83hx
3
vulnerability VCID-prd3-mmuv-n3dc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-client@9.4.37.v20210219
6
url pkg:maven/org.eclipse.jetty/jetty-client@9.4.38
purl pkg:maven/org.eclipse.jetty/jetty-client@9.4.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-client@9.4.38
7
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.37
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.37
8
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.37.v20210219
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.37.v20210219
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2k3p-x56s-ffgr
1
vulnerability VCID-e1r9-bbdh-qqf6
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-p7cu-h519-83hx
4
vulnerability VCID-prd3-mmuv-n3dc
5
vulnerability VCID-q3k2-1x5q-buhy
6
vulnerability VCID-tqm9-4ch7-s7b3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.37.v20210219
9
url pkg:maven/org.eclipse.jetty/jetty-http@9.4.38
purl pkg:maven/org.eclipse.jetty/jetty-http@9.4.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-http@9.4.38
10
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.37
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.37
11
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.37.v20210219
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.37.v20210219
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9xw3-4a4u-hbbb
1
vulnerability VCID-kx4x-gnk4-yugu
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-p7cu-h519-83hx
4
vulnerability VCID-prd3-mmuv-n3dc
5
vulnerability VCID-q35p-8qhp-aqec
6
vulnerability VCID-q3k2-1x5q-buhy
7
vulnerability VCID-y3mv-vmwd-tydt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.37.v20210219
12
url pkg:maven/org.eclipse.jetty/jetty-server@9.4.38
purl pkg:maven/org.eclipse.jetty/jetty-server@9.4.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-server@9.4.38
13
url pkg:maven/org.eclipse.jetty/jetty-util@9.4.37
purl pkg:maven/org.eclipse.jetty/jetty-util@9.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-util@9.4.37
14
url pkg:maven/org.eclipse.jetty/jetty-util@9.4.37.v20210219
purl pkg:maven/org.eclipse.jetty/jetty-util@9.4.37.v20210219
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxtv-ma18-8fer
1
vulnerability VCID-p7cu-h519-83hx
2
vulnerability VCID-prd3-mmuv-n3dc
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-util@9.4.37.v20210219
15
url pkg:maven/org.eclipse.jetty/jetty-util@9.4.38
purl pkg:maven/org.eclipse.jetty/jetty-util@9.4.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-util@9.4.38
16
url pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37
purl pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3f6t-fkt7-wub9
1
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37
17
url pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37.v20210219
purl pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37.v20210219
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3f6t-fkt7-wub9
1
vulnerability VCID-9xw3-4a4u-hbbb
2
vulnerability VCID-kxtv-ma18-8fer
3
vulnerability VCID-p7cu-h519-83hx
4
vulnerability VCID-q3k2-1x5q-buhy
5
vulnerability VCID-rpc4-u4aq-4qde
6
vulnerability VCID-thpu-76e5-j3d3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.37.v20210219
18
url pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38
purl pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-p7cu-h519-83hx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.eclipse.jetty/jetty-webapp@9.4.38
19
url pkg:rpm/redhat/rh-eclipse-jetty@9.4.40-1.1?arch=el7_9
purl pkg:rpm/redhat/rh-eclipse-jetty@9.4.40-1.1?arch=el7_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kxtv-ma18-8fer
1
vulnerability VCID-p7cu-h519-83hx
2
vulnerability VCID-prd3-mmuv-n3dc
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-eclipse-jetty@9.4.40-1.1%3Farch=el7_9
References
0
reference_url http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28164.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28164
reference_id
reference_type
scores
0
value 0.93485
scoring_system epss
scoring_elements 0.99827
published_at 2026-04-26T12:55:00Z
1
value 0.93485
scoring_system epss
scoring_elements 0.99825
published_at 2026-04-21T12:55:00Z
2
value 0.93485
scoring_system epss
scoring_elements 0.99824
published_at 2026-04-18T12:55:00Z
3
value 0.93485
scoring_system epss
scoring_elements 0.99823
published_at 2026-04-12T12:55:00Z
4
value 0.93485
scoring_system epss
scoring_elements 0.99829
published_at 2026-05-14T12:55:00Z
5
value 0.93485
scoring_system epss
scoring_elements 0.99828
published_at 2026-05-05T12:55:00Z
6
value 0.93485
scoring_system epss
scoring_elements 0.99821
published_at 2026-04-04T12:55:00Z
7
value 0.93485
scoring_system epss
scoring_elements 0.99822
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28164
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28164
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/eclipse/jetty.project
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project
6
reference_url https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
7
reference_url https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E
26
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28164
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28164
27
reference_url https://security.netapp.com/advisory/ntap-20210611-0006
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210611-0006
28
reference_url https://security.netapp.com/advisory/ntap-20210611-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20210611-0006/
29
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
30
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
31
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
32
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1945712
reference_id 1945712
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1945712
33
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50438.txt
reference_id CVE-2021-28164
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/50438.txt
34
reference_url https://github.com/advisories/GHSA-v7ff-8wcx-gmc5
reference_id GHSA-v7ff-8wcx-gmc5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7ff-8wcx-gmc5
35
reference_url https://access.redhat.com/errata/RHSA-2021:1509
reference_id RHSA-2021:1509
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1509
36
reference_url https://access.redhat.com/errata/RHSA-2021:1560
reference_id RHSA-2021:1560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1560
37
reference_url https://access.redhat.com/errata/RHSA-2021:2689
reference_id RHSA-2021:2689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2689
38
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
39
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
40
reference_url https://access.redhat.com/errata/RHSA-2021:4767
reference_id RHSA-2021:4767
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4767
41
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
42
reference_url https://access.redhat.com/errata/RHSA-2022:6407
reference_id RHSA-2022:6407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6407
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 551
name Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
description If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
2
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
0
date_added 2021-10-22
description Jetty 9.4.37.v20210219 - Information Disclosure
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2021-10-22
exploit_type webapps
platform java
source_date_updated 2021-10-22
data_source Exploit-DB
source_url
1
date_added null
description
Jetty suffers from a vulnerability where certain encoded URIs and ambiguous paths can access protected files in the WEB-INF folder. Versions affected are: 9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, but web.xml is most likely to have information of value.
required_action null
due_date null
notes
Stability:
  - crash-safe
Reliability: []
SideEffects:
  - ioc-in-logs
known_ransomware_campaign_use false
source_date_published 2021-07-15
exploit_type null
platform
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/gather/jetty_web_inf_disclosure.rb
Severity_range_score 4.0 - 6.9
Exploitability 2.0
Weighted_severity 6.2
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7cu-h519-83hx