Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2021-34429 - Vulnerability Database
Jetty

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2021-34429

Medium
Reference: CVE-2021-34429
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-34429
Title: Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

For Eclipse Jetty versions 9.4.37-9.4.42 10.0.1-10.0.5 amp 11.0.1-11.0.5 URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.