WEB APPLICATION VULNERABILITIES Standard & Premium

Jetty Information Disclosure (CVE-2021-34429)

Description

Due to a vulnerability in Jetty's URI normalization, an attacker can access protected resources of the web application.

Remediation

Upgrade to the latest version of Jetty

References

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

WordPress Plugin DZS Video Gallery Information Disclosure (3.1.3)

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

WordPress Plugin User Profile Picture Information Disclosure (2.4.0)

WordPress Plugin Stop User Enumeration Cross-Site Scripting (1.3.7)

Severity

Medium

Classification

CVE-2021-34429 CVE-2021-28164 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration