
CVE-2021-28163

Disclosure Date: April 01, 2021

Description

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if the webapps directory is itself a symbolic link, the contents of that directory are deployed as a static webapp. The server then inadvertently serves the webapps themselves (and anything else that happens to be in that directory) as downloadable static content.
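The description names two preconditions: a Jetty release in one of the listed ranges, and a webapps directory that is a symlink rather than a real directory. The script below is an added example (not code from the Jetty project or from this advisory) that checks both for a given Jetty base directory. The version-range table is taken from the description; how the operator obtains the running Jetty version string (for example from `java -jar start.jar --version`) is assumed and passed in as a parameter, and the temporary directory layout built in `demo()` is constructed purely for illustration.

```python
"""Check a Jetty base directory for the CVE-2021-28163 preconditions.

Added example, not Jetty project code.  It tests the two conditions the
advisory text names: a Jetty version inside an affected range and a
webapps directory that is a symbolic link.  The version string is an
input supplied by the operator (assumption: taken from
``java -jar start.jar --version`` or the start.jar manifest).
"""
import os
import re
import tempfile
from pathlib import Path

# Affected ranges from the CVE description, inclusive at both ends.
AFFECTED_RANGES = [
    ("9.4.32", "9.4.38"),
    ("10.0.0.beta2", "10.0.1"),
    ("11.0.0.beta2", "11.0.1"),
]

# Jetty version strings look like "9.4.35" or "10.0.0.beta2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(alpha|beta)(\d+))?$")


def parse_version(text):
    """Turn a Jetty version string into a sortable tuple.

    Pre-release builds sort before the final release of the same number
    (alpha < beta < final), so "10.0.0.beta2" < "10.0.0".
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised Jetty version: %r" % text)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    pre_kind, pre_num = m.group(4), m.group(5)
    if pre_kind is None:
        return (major, minor, patch, 2, 0)  # final release ranks highest
    kind_rank = 0 if pre_kind == "alpha" else 1
    return (major, minor, patch, kind_rank, int(pre_num))


def version_affected(text):
    """True when the version falls inside any affected range."""
    v = parse_version(text)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def webapps_is_symlink(jetty_base):
    """True when $JETTY_BASE/webapps is itself a symbolic link."""
    return Path(jetty_base, "webapps").is_symlink()


def assess(jetty_base, version):
    """Return (vulnerable, reasons).

    Both preconditions must hold for the deployment to be exposed; a
    symlinked webapps directory on a fixed release, or an affected
    release with a real directory, is reported but not flagged.
    """
    reasons = []
    if version_affected(version):
        reasons.append("Jetty %s is in an affected range" % version)
    if webapps_is_symlink(jetty_base):
        reasons.append("%s/webapps is a symbolic link" % jetty_base)
    return (len(reasons) == 2, reasons)


def demo():
    """Constructed layout: webapps is a symlink to a sibling directory."""
    root = Path(tempfile.mkdtemp())
    (root / "deploy").mkdir()
    base = root / "jetty-base"
    base.mkdir()
    os.symlink(root / "deploy", base / "webapps")
    return assess(str(base), "9.4.35")


if __name__ == "__main__":
    vulnerable, reasons = demo()
    print("vulnerable:", vulnerable)
    for r in reasons:
        print(" -", r)
```

Either precondition removed closes the exposure: pointing `webapps` at a real directory (or at the symlink's target directly) rather than a symlink, or running a Jetty release outside the listed ranges.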


CVSS V3 Severity and Metrics
Base Score:
2.7 Low
Impact Score:
1.4
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Vendors

  • apache,
  • eclipse,
  • fedoraproject,
  • netapp,
  • oracle

Products

  • autovue for agile product lifecycle management 21.0.2,
  • banking apis 20.1,
  • banking apis 21.1,
  • banking digital experience 20.1,
  • banking digital experience 21.1,
  • cloud manager,
  • communications element manager 8.2.2,
  • communications services gatekeeper 7.0,
  • communications session report manager,
  • communications session route manager,
  • e-series performance analyzer,
  • e-series santricity os controller,
  • e-series santricity web services,
  • element plug-in for vcenter server,
  • fedora 32,
  • fedora 33,
  • fedora 34,
  • ignite,
  • jetty,
  • jetty 10.0.0,
  • jetty 10.0.1,
  • jetty 11.0.0,
  • jetty 11.0.1,
  • santricity cloud connector,
  • siebel core - automation,
  • snapcenter,
  • snapcenter plug-in,
  • solr 8.8.1,
  • storage replication adapter for clustered data ontap,
  • vasa provider for clustered data ontap,
  • virtual storage console
