CVE-2021-28163

LOWMonitor

Published:Apr 1, 2021(5 years ago)

Modified:Nov 21, 2024

Remote ExploitNo InteractionLow Complexity

Vulnerability Description

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

Attack Characteristics

Network AccessLow ComplexityHigh PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
eclipse	jetty	9.4.32 - 9.4.39	-
eclipse	jetty	-	-
eclipse	jetty	-

Timeline

Published
CVE disclosed publicly
Apr 1, 20215 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj...Exploit
https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e5...
https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18...

CVSS Score

v3.1

2.7/ 10.0

LOW

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

At a Glance

Affected Products

References

eclipse / jetty +32 more

https://lists.apache.org/thread.html/r2ea2f0541121f17e470a018484372004...

https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f...

https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc268...

https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f9...

https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98...

https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062...

https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3...

https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c...

https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27...

https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689...

https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa...

https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65...

https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d...

https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c89...

https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b...

https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e...

https://lists.fedoraproject.org/archives/list/package-announce%40lists...

https://security.netapp.com/advisory/ntap-20210611-0006/Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.htmlNot Applicable

https://www.oracle.com/security-alerts/cpujan2022.htmlPatch

https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch

https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj...Exploit

https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e5...

https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18...