Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-28164 (GCVE-0-2021-28164)
Vulnerability from cvelistv5 – Published: 2021-04-01 14:20 – Updated: 2024-08-03 21:40
VLAI
EPSS
Summary
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Severity
5.3 (Medium)
Assigner
References
25 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty |
Affected:
9.4.37.v20210219 , < unspecified
(custom)
Affected: unspecified , ≤ 9.4.38.v20210224 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "9.4.37.v20210219",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.4.38.v20210224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-551",
"description": "CWE-551",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:54:18.000Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.37.v20210219"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.38.v20210224"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-551"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2021-28164",
"datePublished": "2021-04-01T14:20:14.000Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:40:12.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-28164",
"date": "2026-06-02",
"epss": "0.93485",
"percentile": "0.99831"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-28164\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2021-04-01T15:15:14.157\",\"lastModified\":\"2024-11-21T05:59:13.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones con URI que contienen segmentos %2e o %2e%2e acceder a recursos protegidos dentro del directorio WEB-INF.\u0026#xa0;Por ejemplo, una petici\u00f3n a /context/%2e/WEB-INF/web.xml puede recuperar el archivo web.xml.\u0026#xa0;Esto puede divulgar informaci\u00f3n confidencial sobre la implementaci\u00f3n de una aplicaci\u00f3n web.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-551\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55D7BBC-875B-4AF6-8298-AE3DE6A4EBEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.38:20210224:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F8A8973-E774-4C85-8EA7-A98C5B77E2DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"197D0D80-6702-4B61-B681-AFDBA7D69067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24B8DB06-590A-4008-B0AB-FCD1401C77C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndIncluding\":\"11.70.1\",\"matchCriteriaId\":\"73F81EC3-4AB0-4CD7-B845-267C5974DE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*\",\"matchCriteriaId\":\"1AEFF829-A8F2-4041-8DDF-E705DB3ADED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"214712B6-59AF-4B5E-84BF-AF3C74A390EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15BCF1-1B1D-49D8-9B76-46DCB10044DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"DC01D8F3-291A-44E5-99C1-6771F6656E0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.6\",\"matchCriteriaId\":\"D5D73B53-9750-4844-A767-21F8A0CEE0B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.6\",\"matchCriteriaId\":\"0C0FF89C-3DC1-4FF4-9447-128028EEA80B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*\",\"versionStartIncluding\":\"9.6\",\"matchCriteriaId\":\"FF852A4C-7818-408D-A46B-2F4EE1AB8895\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97994257-C9A4-4491-B362-E8B25B7187AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CBFC93F-8B39-45A2-981C-59B187169BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0843465C-F940-4FFC-998D-9A2668B75EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D6895A6-511A-4DC6-9F9B-58E05B86BDB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.2.4\",\"matchCriteriaId\":\"1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.9\",\"matchCriteriaId\":\"BEAB4771-C33C-4151-AEAE-A6D2C892C3C8\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210611-0006/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210611-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
Title
Уязвимость контейнера сервлетов Eclipse Jetty, связанная с ошибками при обработке информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость контейнера сервлетов Eclipse Jetty связана с ошибками при обработке информации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации
Severity
Vendor
Oracle Corp., Eclipse Foundation, IBM Corp., АО "НППКТ"
Software Name
Oracle Communications Services Gatekeeper, Oracle Banking Digital Experience, Oracle Banking APIs, Autovue for Agile Product Lifecycle Management, REST Data Services, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager, Siebel CRM, Jetty, Oracle Communications Element Manager, IBM QRadar SIEM, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7.0 (Oracle Communications Services Gatekeeper), 20.1 (Oracle Banking Digital Experience), 21.1 (Oracle Banking Digital Experience), 20.1 (Oracle Banking APIs), 21.1 (Oracle Banking APIs), 21.0.2 (Autovue for Agile Product Lifecycle Management), до 21.3 (REST Data Services), от 8.0.0.0 до 8.2.4.0 включительно (Oracle Communications Session Report Manager), от 8.0.0.0 до 8.2.4.0 включительно (Oracle Communications Session Route Manager), до 21.9 включительно (Siebel CRM), до 9.4.39 (Jetty), 8.2.2 (Oracle Communications Element Manager), от 7.3 до 7.3.3 Fix Pack 12 (IBM QRadar SIEM), от 7.4 до 7.4.3 Fix Pack 6 (IBM QRadar SIEM), от 7.5 до 7.5.0 Update Pack 2 (IBM QRadar SIEM), до 2.5 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Обновление программного обеспечения Eclipse Jetty до актуальной версии
Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Для программных продуктов IBM Corp.:
https://www.ibm.com/support/pages/node/6614725
Для ОСОН Основа:
Обновление программного обеспечения jetty9 до версии 9.4.39+repack-3osnova1
Reference
http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html
https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E
https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E
https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E
https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E
https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E
https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E
https://security.netapp.com/advisory/ntap-20210611-0006/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.ibm.com/support/pages/node/6614725
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp., Eclipse Foundation, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.0 (Oracle Communications Services Gatekeeper), 20.1 (Oracle Banking Digital Experience), 21.1 (Oracle Banking Digital Experience), 20.1 (Oracle Banking APIs), 21.1 (Oracle Banking APIs), 21.0.2 (Autovue for Agile Product Lifecycle Management), \u0434\u043e 21.3 (REST Data Services), \u043e\u0442 8.0.0.0 \u0434\u043e 8.2.4.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Oracle Communications Session Report Manager), \u043e\u0442 8.0.0.0 \u0434\u043e 8.2.4.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Oracle Communications Session Route Manager), \u0434\u043e 21.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Siebel CRM), \u0434\u043e 9.4.39 (Jetty), 8.2.2 (Oracle Communications Element Manager), \u043e\u0442 7.3 \u0434\u043e 7.3.3 Fix Pack 12 (IBM QRadar SIEM), \u043e\u0442 7.4 \u0434\u043e 7.4.3 Fix Pack 6 (IBM QRadar SIEM), \u043e\u0442 7.5 \u0434\u043e 7.5.0 Update Pack 2 (IBM QRadar SIEM), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Eclipse Jetty \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle Corp.:\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpuoct2021.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6614725\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f jetty9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.4.39+repack-3osnova1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.04.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.10.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05510",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-28164",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Oracle Communications Services Gatekeeper, Oracle Banking Digital Experience, Oracle Banking APIs, Autovue for Agile Product Lifecycle Management, REST Data Services, Oracle Communications Session Report Manager, Oracle Communications Session Route Manager, Siebel CRM, Jetty, Oracle Communications Element Manager, IBM QRadar SIEM, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Eclipse Jetty, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430 \u0441\u0435\u0440\u0432\u043b\u0435\u0442\u043e\u0432 Eclipse Jetty \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5\nhttps://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E\nhttps://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E\nhttps://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E\nhttps://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E\nhttps://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E\nhttps://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E\nhttps://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E\nhttps://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E\nhttps://security.netapp.com/advisory/ntap-20210611-0006/\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpuoct2021.html\nhttps://www.ibm.com/support/pages/node/6614725\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}
CERTFR-2021-AVI-951
Vulnerability from certfr_avis - Published: 2021-12-15 - Updated: 2021-12-15
De multiples vulnérabilités ont été découvertes dans le noyau Linux de RedHat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le | ||
| Red Hat | N/A | Red Hat Integration Text-Only Advisories x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Openshift Application Runtimes Text-Only Advisories x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat Integration - Camel K 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le | ||
| Red Hat | N/A | Red Hat Fuse 1 x86_64 | ||
| SolarWinds | Platform | Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64 | ||
| Red Hat | N/A | Red Hat JBoss Data Grid Text-Only Advisories x86_64 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - AUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform for Power 4.8 for RHEL 8 ppc64le",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Integration Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Openshift Application Runtimes Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.4 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Integration - Camel K 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform 4.8 for RHEL 8 x86_64",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Fuse 1 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.8 for RHEL 8 s390x",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat JBoss Data Grid Text-Only Advisories x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"name": "CVE-2020-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
},
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2021-22118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
},
{
"name": "CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"name": "CVE-2021-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2020-11988",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11988"
},
{
"name": "CVE-2020-35510",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35510"
},
{
"name": "CVE-2021-45606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45606"
},
{
"name": "CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"name": "CVE-2021-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3597"
},
{
"name": "CVE-2021-28170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28170"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3690"
},
{
"name": "CVE-2020-17521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17521"
},
{
"name": "CVE-2021-22696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-27568",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
},
{
"name": "CVE-2020-26217",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2019-10744",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10744"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-30468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30468"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"name": "CVE-2019-12415",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
},
{
"name": "CVE-2021-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20218"
},
{
"name": "CVE-2020-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27782"
},
{
"name": "CVE-2021-30129",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30129"
},
{
"name": "CVE-2020-17527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2020-13943",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13943"
},
{
"name": "CVE-2020-15522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15522"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2020-11987",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11987"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3629"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"initial_release_date": "2021-12-15T00:00:00",
"last_revision_date": "2021-12-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5101 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHBA-2021:5101"
}
],
"reference": "CERTFR-2021-AVI-951",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRedHat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5130 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5130"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHBA-2021:5114 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHBA-2021:5114"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5138 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5138"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5132 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5132"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5126 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5126"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5134 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5134"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5133 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5108 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5108"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2021:5093 du 14 d\u00e9cembre 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:5093"
}
]
}
CERTFR-2022-AVI-523
Vulnerability from certfr_avis - Published: 2022-06-07 - Updated: 2022-06-07
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923 | ||
| IBM | MaaS360 | IBM MaaS360 Cloud Extender Agent versions antérieures à 2.106.500.011 | ||
| IBM | MaaS360 | IBM MaaS360 VPN Module versions antérieures à 2.106.500 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614 | ||
| IBM | MaaS360 | IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 2.106.500 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.5-20220217192923",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 2.106.500.011",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 VPN Module versions ant\u00e9rieures \u00e0 2.106.500",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.3-20220214173614",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 2.106.500",
"product": {
"name": "MaaS360",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-BlueCoatWSSRESTAPI-7.4-20220217192850",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
},
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"name": "CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2022-0547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"initial_release_date": "2022-06-07T00:00:00",
"last_revision_date": "2022-06-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2022-06-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6592779",
"url": "https://www.ibm.com/support/pages/node/6592779"
},
{
"published_at": "2022-06-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6592807",
"url": "https://www.ibm.com/support/pages/node/6592807"
},
{
"published_at": "2022-06-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6592799",
"url": "https://www.ibm.com/support/pages/node/6592799"
}
]
}
CERTFR-2022-AVI-767
Vulnerability from certfr_avis - Published: 2022-08-24 - Updated: 2022-08-24
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antérieures à 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 Update Pack 2 | ||
| IBM | Spectrum | IBM Spectrum Discover versions antérieures à 2.0.4.7 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antérieures à 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2021-20180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2020-25658",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
},
{
"name": "CVE-2020-15084",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2020-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
},
{
"name": "CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41496",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-46462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2021-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
},
{
"name": "CVE-2022-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
},
{
"name": "CVE-2019-18874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
},
{
"name": "CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2021-46461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2020-13757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
},
{
"name": "CVE-2021-46463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"name": "CVE-2020-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
}
],
"initial_release_date": "2022-08-24T00:00:00",
"last_revision_date": "2022-08-24T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614909"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614725"
}
]
}
Title
Eclipse Jetty权限绕过漏洞
Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。
Eclipse Jetty 9.4.37.v20210219至9.4.38.v20210224版本存在安全漏洞,该漏洞源于默认符合性模式允许具有包含%2e或%2e%2e段的URI的请求访问WEB-INF目录中受保护的资源,攻击者可以利用例如对/context/%2e/WEB-INF/web.xml可以检索web.xml文件,可能会显示有关web应用程序实现的敏感信息。
Severity
中
Patch Name
Eclipse Jetty权限绕过漏洞的补丁
Patch Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。
Eclipse Jetty 9.4.37.v20210219至9.4.38.v20210224版本存在安全漏洞,该漏洞源于默认符合性模式允许具有包含%2e或%2e%2e段的URI的请求访问WEB-INF目录中受保护的资源,攻击者可以利用例如对/context/%2e/WEB-INF/web.xml可以检索web.xml文件,可能会显示有关web应用程序实现的敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-28164
Impacted products
| Name | Eclipse Eclipse Jetty >=9.4.37.v20210219,<=9.4.38.v20210224 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-28164",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
}
},
"description": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\n\nEclipse Jetty 9.4.37.v20210219\u81f39.4.38.v20210224\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u7b26\u5408\u6027\u6a21\u5f0f\u5141\u8bb8\u5177\u6709\u5305\u542b%2e\u6216%2e%2e\u6bb5\u7684URI\u7684\u8bf7\u6c42\u8bbf\u95eeWEB-INF\u76ee\u5f55\u4e2d\u53d7\u4fdd\u62a4\u7684\u8d44\u6e90\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u4f8b\u5982\u5bf9/context/%2e/WEB-INF/web.xml\u53ef\u4ee5\u68c0\u7d22web.xml\u6587\u4ef6\uff0c\u53ef\u80fd\u4f1a\u663e\u793a\u6709\u5173web\u5e94\u7528\u7a0b\u5e8f\u5b9e\u73b0\u7684\u654f\u611f\u4fe1\u606f\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-27374",
"openTime": "2021-04-12",
"patchDescription": "Eclipse Jetty\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u3001\u57fa\u4e8eJava\u7684Web\u670d\u52a1\u5668\u548cJava Servlet\u5bb9\u5668\u3002\r\n\r\nEclipse Jetty 9.4.37.v20210219\u81f39.4.38.v20210224\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9ed8\u8ba4\u7b26\u5408\u6027\u6a21\u5f0f\u5141\u8bb8\u5177\u6709\u5305\u542b%2e\u6216%2e%2e\u6bb5\u7684URI\u7684\u8bf7\u6c42\u8bbf\u95eeWEB-INF\u76ee\u5f55\u4e2d\u53d7\u4fdd\u62a4\u7684\u8d44\u6e90\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u4f8b\u5982\u5bf9/context/%2e/WEB-INF/web.xml\u53ef\u4ee5\u68c0\u7d22web.xml\u6587\u4ef6\uff0c\u53ef\u80fd\u4f1a\u663e\u793a\u6709\u5173web\u5e94\u7528\u7a0b\u5e8f\u5b9e\u73b0\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Eclipse Jetty\u6743\u9650\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Eclipse Eclipse Jetty \u003e=9.4.37.v20210219\uff0c\u003c=9.4.38.v20210224"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164",
"serverity": "\u4e2d",
"submitTime": "2021-04-02",
"title": "Eclipse Jetty\u6743\u9650\u7ed5\u8fc7\u6f0f\u6d1e"
}
FKIE_CVE-2021-28164
Vulnerability from fkie_nvd - Published: 2021-04-01 15:15 - Updated: 2024-11-21 05:59
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:*",
"matchCriteriaId": "E55D7BBC-875B-4AF6-8298-AE3DE6A4EBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eclipse:jetty:9.4.38:20210224:*:*:*:*:*:*",
"matchCriteriaId": "4F8A8973-E774-4C85-8EA7-A98C5B77E2DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB15BCF1-1B1D-49D8-9B76-46DCB10044DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "D5D73B53-9750-4844-A767-21F8A0CEE0B3",
"versionStartIncluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B",
"versionStartIncluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "FF852A4C-7818-408D-A46B-2F4EE1AB8895",
"versionStartIncluding": "9.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF",
"versionEndIncluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAB4771-C33C-4151-AEAE-A6D2C892C3C8",
"versionEndIncluding": "21.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
},
{
"lang": "es",
"value": "En Eclipse Jetty versiones 9.4.37.v20210219 hasta 9.4.38.v20210224, el modo de cumplimiento predeterminado permite a unas peticiones con URI que contienen segmentos %2e o %2e%2e acceder a recursos protegidos dentro del directorio WEB-INF.\u0026#xa0;Por ejemplo, una petici\u00f3n a /context/%2e/WEB-INF/web.xml puede recuperar el archivo web.xml.\u0026#xa0;Esto puede divulgar informaci\u00f3n confidencial sobre la implementaci\u00f3n de una aplicaci\u00f3n web."
}
],
"id": "CVE-2021-28164",
"lastModified": "2024-11-21T05:59:13.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-01T15:15:14.157",
"references": [
{
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"source": "emo@eclipse.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"source": "emo@eclipse.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"source": "emo@eclipse.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "emo@eclipse.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "emo@eclipse.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-551"
}
],
"source": "emo@eclipse.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-V7FF-8WCX-GMC5
Vulnerability from github – Published: 2021-04-06 17:31 – Updated: 2022-04-17 16:45
VLAI
Summary
Authorization Before Parsing and Canonicalization in jetty
Details
Release 9.4.37 introduced a more precise implementation of RFC3986 with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed % encoded . characters to be excluded for URI normalisation, which is correct by the RFC, but is not assumed by common Servlet implementations. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. Workarounds found by HttpCompliance mode RFC7230_NO_AMBIGUOUS_URIS can be enabled by updating start.d/http.ini to include: jetty.http.compliance=RFC7230_NO_AMBIGUOUS_URIS.
Severity
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.eclipse.jetty:jetty-webapp"
},
"ranges": [
{
"events": [
{
"introduced": "9.4.37"
},
{
"fixed": "9.4.39"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28164"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-551",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-02T20:28:10Z",
"nvd_published_at": "2021-04-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "Release 9.4.37 introduced a more precise implementation of [RFC3986](https://tools.ietf.org/html/rfc3986#section-3.3) with regards to URI decoding, together with some new compliance modes to optionally allow support of some URI that may have ambiguous interpretation within the Servlet specified API methods behaviours. The default mode allowed % encoded . characters to be excluded for URI normalisation, which is correct by the RFC, but is not assumed by common Servlet implementations. The default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the `WEB-INF` directory. For example a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application. Workarounds found by HttpCompliance mode RFC7230_NO_AMBIGUOUS_URIS can be enabled by updating `start.d/http.ini` to include: jetty.http.compliance=RFC7230_NO_AMBIGUOUS_URIS.",
"id": "GHSA-v7ff-8wcx-gmc5",
"modified": "2022-04-17T16:45:25Z",
"published": "2021-04-06T17:31:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210611-0006"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse/jetty.project"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Authorization Before Parsing and Canonicalization in jetty"
}
GSD-2021-28164
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-28164",
"description": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"id": "GSD-2021-28164",
"references": [
"https://www.suse.com/security/cve/CVE-2021-28164.html",
"https://access.redhat.com/errata/RHSA-2021:5134",
"https://access.redhat.com/errata/RHSA-2021:4767",
"https://access.redhat.com/errata/RHSA-2021:3700",
"https://access.redhat.com/errata/RHSA-2021:3225",
"https://access.redhat.com/errata/RHSA-2021:2689",
"https://access.redhat.com/errata/RHSA-2021:1560",
"https://access.redhat.com/errata/RHSA-2021:1509",
"https://packetstormsecurity.com/files/cve/CVE-2021-28164",
"https://access.redhat.com/errata/RHSA-2022:6407"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-28164"
],
"details": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"id": "GSD-2021-28164",
"modified": "2023-12-13T01:23:28.807053Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "9.4.37.v20210219"
},
{
"version_affected": "\u003c=",
"version_value": "9.4.38.v20210224"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
]
},
"impact": {
"cvss": {
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-551"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[9.4.37,9.4.38]",
"affected_versions": "All versions starting from 9.4.37 up to 9.4.38",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-07-14",
"description": "In Eclipse Jetty v20210219 to v20210224, the default compliance mode allows requests with URIs that contain `%2e` o`` %2e%2e` segments to access protected resources within the WEB-INF directory. For example a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application.",
"fixed_versions": [
"9.4.38.v20210224"
],
"identifier": "CVE-2021-28164",
"identifiers": [
"CVE-2021-28164",
"GHSA-v7ff-8wcx-gmc5"
],
"not_impacted": "All versions before 9.4.37, all versions after 9.4.38",
"package_slug": "maven/org.eclipse.jetty/jetty-client",
"pubdate": "2021-04-01",
"solution": "Upgrade to version 9.4.38.v20210224 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
],
"uuid": "d77c08df-fa4c-49fa-9a4d-945de8f27eee"
},
{
"affected_range": "[9.4.37,9.4.38]",
"affected_versions": "All versions starting from 9.4.37 up to 9.4.38",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-07-14",
"description": "In Eclipse Jetty the default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the WEB-INF directory. For example a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application.",
"fixed_versions": [
"9.4.38.v20210224"
],
"identifier": "CVE-2021-28164",
"identifiers": [
"CVE-2021-28164",
"GHSA-v7ff-8wcx-gmc5"
],
"not_impacted": "All versions before 9.4.37, all versions after 9.4.38",
"package_slug": "maven/org.eclipse.jetty/jetty-http",
"pubdate": "2021-04-01",
"solution": "Upgrade to version 9.4.38.v20210224 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
],
"uuid": "faefee1c-15c0-4b27-8153-5453ab8e333c"
},
{
"affected_range": "[9.4.37,9.4.38]",
"affected_versions": "All versions starting from 9.4.37 up to 9.4.38",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-07-14",
"description": "In Eclipse Jetty the default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the WEB-INF directory. For example a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application.",
"fixed_versions": [
"9.4.38.v20210224"
],
"identifier": "CVE-2021-28164",
"identifiers": [
"CVE-2021-28164",
"GHSA-v7ff-8wcx-gmc5"
],
"not_impacted": "All versions before 9.4.37, all versions after 9.4.38",
"package_slug": "maven/org.eclipse.jetty/jetty-server",
"pubdate": "2021-04-01",
"solution": "Upgrade to version 9.4.38.v20210224 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
],
"uuid": "f37963b6-a627-4833-84b5-6143822ebb08"
},
{
"affected_range": "[9.4.37,9.4.38]",
"affected_versions": "All versions starting from 9.4.37 up to 9.4.38",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-07-14",
"description": "In Eclipse Jetty the default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the WEB-INF directory. For example a request to `/context/%2e/WEB-INF/web.xml` can retrieve the `web.xml` file. This can reveal sensitive information regarding the implementation of a web application.",
"fixed_versions": [
"9.4.38.v20210224"
],
"identifier": "CVE-2021-28164",
"identifiers": [
"CVE-2021-28164",
"GHSA-v7ff-8wcx-gmc5"
],
"not_impacted": "All versions before 9.4.37, all versions after 9.4.38",
"package_slug": "maven/org.eclipse.jetty/jetty-util",
"pubdate": "2021-04-01",
"solution": "Upgrade to version 9.4.38.v20210224 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
],
"uuid": "8ae039ea-fdd4-4460-9f0f-284501d25624"
},
{
"affected_range": "[9.4.37,9.4.38]",
"affected_versions": "All versions starting from 9.4.37 up to 9.4.38",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-07-14",
"description": "In Eclipse Jetty, the default compliance mode allows requests with URIs that contain `%2e` or `%2e%2e` segments to access protected resources within the WEB-INF directory.",
"fixed_versions": [
"9.4.38.v20210224"
],
"identifier": "CVE-2021-28164",
"identifiers": [
"CVE-2021-28164",
"GHSA-v7ff-8wcx-gmc5"
],
"not_impacted": "All versions before 9.4.37, all versions after 9.4.38",
"package_slug": "maven/org.eclipse.jetty/jetty-webapp",
"pubdate": "2021-04-01",
"solution": "Upgrade to version 9.4.38.v20210224 or above.",
"title": "Information Exposure",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
],
"uuid": "2cb7c762-15c6-423a-a6da-1c1c7c274c60"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.37:20210219:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.38:20210224:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionStartIncluding": "9.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.70.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "21.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.4",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2021-28164"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
},
{
"name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
},
{
"name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
},
{
"name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
},
{
"name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html"
},
{
"name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2022-07-14T15:44Z",
"publishedDate": "2021-04-01T15:15Z"
}
}
}
OPENSUSE-SU-2021:2005-1
Vulnerability from csaf_opensuse - Published: 2021-07-11 08:05 - Updated: 2021-07-11 08:05Summary
Security update for jetty-minimal
Severity
Important
Notes
Title of the patch: Security update for jetty-minimal
Description of the patch: This update for jetty-minimal fixes the following issues:
Update to version 9.4.42.v20210604
- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory
- Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408
- Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs
- Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Patchnames: openSUSE-SLE-15.3-2021-2005
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jetty-minimal",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jetty-minimal fixes the following issues:\n\nUpdate to version 9.4.42.v20210604\n\n- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory\n- Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length \u003e 17408\n- Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs\n- Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2021-2005",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2005-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:2005-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4KKN3NUA6VAZ6XTFLI3KB3IHAPVD46L/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:2005-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U4KKN3NUA6VAZ6XTFLI3KB3IHAPVD46L/"
},
{
"category": "self",
"summary": "SUSE Bug 1184366",
"url": "https://bugzilla.suse.com/1184366"
},
{
"category": "self",
"summary": "SUSE Bug 1184367",
"url": "https://bugzilla.suse.com/1184367"
},
{
"category": "self",
"summary": "SUSE Bug 1184368",
"url": "https://bugzilla.suse.com/1184368"
},
{
"category": "self",
"summary": "SUSE Bug 1187117",
"url": "https://bugzilla.suse.com/1187117"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28163 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28164 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28165 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28169 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28169/"
}
],
"title": "Security update for jetty-minimal",
"tracking": {
"current_release_date": "2021-07-11T08:05:38Z",
"generator": {
"date": "2021-07-11T08:05:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:2005-1",
"initial_release_date": "2021-07-11T08:05:38Z",
"revision_history": [
{
"date": "2021-07-11T08:05:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-annotations-9.4.42-3.9.1.noarch",
"product_id": "jetty-annotations-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-client-9.4.42-3.9.1.noarch",
"product_id": "jetty-client-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-continuation-9.4.42-3.9.1.noarch",
"product_id": "jetty-continuation-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-http-9.4.42-3.9.1.noarch",
"product_id": "jetty-http-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-io-9.4.42-3.9.1.noarch",
"product_id": "jetty-io-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-jaas-9.4.42-3.9.1.noarch",
"product_id": "jetty-jaas-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"product_id": "jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"product_id": "jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-jmx-9.4.42-3.9.1.noarch",
"product_id": "jetty-jmx-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-jndi-9.4.42-3.9.1.noarch",
"product_id": "jetty-jndi-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-jsp-9.4.42-3.9.1.noarch",
"product_id": "jetty-jsp-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"product_id": "jetty-minimal-javadoc-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-openid-9.4.42-3.9.1.noarch",
"product_id": "jetty-openid-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-plus-9.4.42-3.9.1.noarch",
"product_id": "jetty-plus-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-proxy-9.4.42-3.9.1.noarch",
"product_id": "jetty-proxy-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-security-9.4.42-3.9.1.noarch",
"product_id": "jetty-security-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-server-9.4.42-3.9.1.noarch",
"product_id": "jetty-server-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-servlet-9.4.42-3.9.1.noarch",
"product_id": "jetty-servlet-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-util-9.4.42-3.9.1.noarch",
"product_id": "jetty-util-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-util-ajax-9.4.42-3.9.1.noarch",
"product_id": "jetty-util-ajax-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-webapp-9.4.42-3.9.1.noarch",
"product_id": "jetty-webapp-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-api-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-api-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-api-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-client-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-client-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-client-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-common-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-common-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-common-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-javadoc-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-server-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-server-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-server-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"product_id": "jetty-websocket-servlet-9.4.42-3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.42-3.9.1.noarch",
"product": {
"name": "jetty-xml-9.4.42-3.9.1.noarch",
"product_id": "jetty-xml-9.4.42-3.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-annotations-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-client-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-continuation-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-http-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-io-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-jaas-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-jmx-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-jndi-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-jsp-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-openid-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-plus-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-proxy-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-security-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-server-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-servlet-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-util-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-util-ajax-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-webapp-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-api-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-api-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-client-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-client-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-common-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-common-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-javadoc-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-server-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-server-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-websocket-servlet-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.42-3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
},
"product_reference": "jetty-xml-9.4.42-3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-28163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28163"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28163",
"url": "https://www.suse.com/security/cve/CVE-2021-28163"
},
{
"category": "external",
"summary": "SUSE Bug 1184366 for CVE-2021-28163",
"url": "https://bugzilla.suse.com/1184366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-11T08:05:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28163"
},
{
"cve": "CVE-2021-28164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28164"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28164",
"url": "https://www.suse.com/security/cve/CVE-2021-28164"
},
{
"category": "external",
"summary": "SUSE Bug 1184368 for CVE-2021-28164",
"url": "https://bugzilla.suse.com/1184368"
},
{
"category": "external",
"summary": "SUSE Bug 1188438 for CVE-2021-28164",
"url": "https://bugzilla.suse.com/1188438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-11T08:05:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28164"
},
{
"cve": "CVE-2021-28165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28165"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28165",
"url": "https://www.suse.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "SUSE Bug 1184367 for CVE-2021-28165",
"url": "https://bugzilla.suse.com/1184367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-11T08:05:38Z",
"details": "important"
}
],
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2021-28169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28169"
}
],
"notes": [
{
"category": "general",
"text": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28169",
"url": "https://www.suse.com/security/cve/CVE-2021-28169"
},
{
"category": "external",
"summary": "SUSE Bug 1187117 for CVE-2021-28169",
"url": "https://bugzilla.suse.com/1187117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:jetty-annotations-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-continuation-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-http-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-io-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jaas-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-client-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-javax-websocket-server-impl-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jmx-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jndi-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-jsp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-minimal-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-openid-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-plus-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-proxy-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-security-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-util-ajax-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-webapp-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-api-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-client-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-common-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-javadoc-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-server-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-websocket-servlet-9.4.42-3.9.1.noarch",
"openSUSE Leap 15.3:jetty-xml-9.4.42-3.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-07-11T08:05:38Z",
"details": "moderate"
}
],
"title": "CVE-2021-28169"
}
]
}
OPENSUSE-SU-2024:10878-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
jetty-annotations-9.4.43-1.2 on GA media
Severity
Moderate
Notes
Title of the patch: jetty-annotations-9.4.43-1.2 on GA media
Description of the patch: These are all security issues fixed in the jetty-annotations-9.4.43-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10878
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.8 (Medium)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
116 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "jetty-annotations-9.4.43-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the jetty-annotations-9.4.43-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10878",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10878-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27218 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-27223 page",
"url": "https://www.suse.com/security/cve/CVE-2020-27223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28163 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28164 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28164/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28165 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28165/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28169 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-34429 page",
"url": "https://www.suse.com/security/cve/CVE-2021-34429/"
}
],
"title": "jetty-annotations-9.4.43-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10878-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-annotations-9.4.43-1.2.aarch64",
"product_id": "jetty-annotations-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-ant-9.4.43-1.2.aarch64",
"product_id": "jetty-ant-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-cdi-9.4.43-1.2.aarch64",
"product_id": "jetty-cdi-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-client-9.4.43-1.2.aarch64",
"product_id": "jetty-client-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-continuation-9.4.43-1.2.aarch64",
"product_id": "jetty-continuation-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-deploy-9.4.43-1.2.aarch64",
"product_id": "jetty-deploy-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-fcgi-9.4.43-1.2.aarch64",
"product_id": "jetty-fcgi-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-http-9.4.43-1.2.aarch64",
"product_id": "jetty-http-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-http-spi-9.4.43-1.2.aarch64",
"product_id": "jetty-http-spi-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-io-9.4.43-1.2.aarch64",
"product_id": "jetty-io-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-jaas-9.4.43-1.2.aarch64",
"product_id": "jetty-jaas-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-jmx-9.4.43-1.2.aarch64",
"product_id": "jetty-jmx-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-jndi-9.4.43-1.2.aarch64",
"product_id": "jetty-jndi-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-jsp-9.4.43-1.2.aarch64",
"product_id": "jetty-jsp-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"product_id": "jetty-minimal-javadoc-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-openid-9.4.43-1.2.aarch64",
"product_id": "jetty-openid-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-plus-9.4.43-1.2.aarch64",
"product_id": "jetty-plus-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-proxy-9.4.43-1.2.aarch64",
"product_id": "jetty-proxy-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-quickstart-9.4.43-1.2.aarch64",
"product_id": "jetty-quickstart-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-rewrite-9.4.43-1.2.aarch64",
"product_id": "jetty-rewrite-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-security-9.4.43-1.2.aarch64",
"product_id": "jetty-security-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-server-9.4.43-1.2.aarch64",
"product_id": "jetty-server-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-servlet-9.4.43-1.2.aarch64",
"product_id": "jetty-servlet-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-servlets-9.4.43-1.2.aarch64",
"product_id": "jetty-servlets-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-start-9.4.43-1.2.aarch64",
"product_id": "jetty-start-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-util-9.4.43-1.2.aarch64",
"product_id": "jetty-util-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-util-ajax-9.4.43-1.2.aarch64",
"product_id": "jetty-util-ajax-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-webapp-9.4.43-1.2.aarch64",
"product_id": "jetty-webapp-9.4.43-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.43-1.2.aarch64",
"product": {
"name": "jetty-xml-9.4.43-1.2.aarch64",
"product_id": "jetty-xml-9.4.43-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-annotations-9.4.43-1.2.ppc64le",
"product_id": "jetty-annotations-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-ant-9.4.43-1.2.ppc64le",
"product_id": "jetty-ant-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-cdi-9.4.43-1.2.ppc64le",
"product_id": "jetty-cdi-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-client-9.4.43-1.2.ppc64le",
"product_id": "jetty-client-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-continuation-9.4.43-1.2.ppc64le",
"product_id": "jetty-continuation-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-deploy-9.4.43-1.2.ppc64le",
"product_id": "jetty-deploy-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-fcgi-9.4.43-1.2.ppc64le",
"product_id": "jetty-fcgi-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-http-9.4.43-1.2.ppc64le",
"product_id": "jetty-http-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-http-spi-9.4.43-1.2.ppc64le",
"product_id": "jetty-http-spi-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-io-9.4.43-1.2.ppc64le",
"product_id": "jetty-io-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-jaas-9.4.43-1.2.ppc64le",
"product_id": "jetty-jaas-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-jmx-9.4.43-1.2.ppc64le",
"product_id": "jetty-jmx-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-jndi-9.4.43-1.2.ppc64le",
"product_id": "jetty-jndi-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-jsp-9.4.43-1.2.ppc64le",
"product_id": "jetty-jsp-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"product_id": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-openid-9.4.43-1.2.ppc64le",
"product_id": "jetty-openid-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-plus-9.4.43-1.2.ppc64le",
"product_id": "jetty-plus-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-proxy-9.4.43-1.2.ppc64le",
"product_id": "jetty-proxy-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-quickstart-9.4.43-1.2.ppc64le",
"product_id": "jetty-quickstart-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-rewrite-9.4.43-1.2.ppc64le",
"product_id": "jetty-rewrite-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-security-9.4.43-1.2.ppc64le",
"product_id": "jetty-security-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-server-9.4.43-1.2.ppc64le",
"product_id": "jetty-server-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-servlet-9.4.43-1.2.ppc64le",
"product_id": "jetty-servlet-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-servlets-9.4.43-1.2.ppc64le",
"product_id": "jetty-servlets-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-start-9.4.43-1.2.ppc64le",
"product_id": "jetty-start-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-util-9.4.43-1.2.ppc64le",
"product_id": "jetty-util-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-util-ajax-9.4.43-1.2.ppc64le",
"product_id": "jetty-util-ajax-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-webapp-9.4.43-1.2.ppc64le",
"product_id": "jetty-webapp-9.4.43-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.43-1.2.ppc64le",
"product": {
"name": "jetty-xml-9.4.43-1.2.ppc64le",
"product_id": "jetty-xml-9.4.43-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.43-1.2.s390x",
"product": {
"name": "jetty-annotations-9.4.43-1.2.s390x",
"product_id": "jetty-annotations-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.43-1.2.s390x",
"product": {
"name": "jetty-ant-9.4.43-1.2.s390x",
"product_id": "jetty-ant-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.43-1.2.s390x",
"product": {
"name": "jetty-cdi-9.4.43-1.2.s390x",
"product_id": "jetty-cdi-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.43-1.2.s390x",
"product": {
"name": "jetty-client-9.4.43-1.2.s390x",
"product_id": "jetty-client-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.43-1.2.s390x",
"product": {
"name": "jetty-continuation-9.4.43-1.2.s390x",
"product_id": "jetty-continuation-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.43-1.2.s390x",
"product": {
"name": "jetty-deploy-9.4.43-1.2.s390x",
"product_id": "jetty-deploy-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.43-1.2.s390x",
"product": {
"name": "jetty-fcgi-9.4.43-1.2.s390x",
"product_id": "jetty-fcgi-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.43-1.2.s390x",
"product": {
"name": "jetty-http-9.4.43-1.2.s390x",
"product_id": "jetty-http-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.43-1.2.s390x",
"product": {
"name": "jetty-http-spi-9.4.43-1.2.s390x",
"product_id": "jetty-http-spi-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.43-1.2.s390x",
"product": {
"name": "jetty-io-9.4.43-1.2.s390x",
"product_id": "jetty-io-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.43-1.2.s390x",
"product": {
"name": "jetty-jaas-9.4.43-1.2.s390x",
"product_id": "jetty-jaas-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.43-1.2.s390x",
"product": {
"name": "jetty-jmx-9.4.43-1.2.s390x",
"product_id": "jetty-jmx-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.43-1.2.s390x",
"product": {
"name": "jetty-jndi-9.4.43-1.2.s390x",
"product_id": "jetty-jndi-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.43-1.2.s390x",
"product": {
"name": "jetty-jsp-9.4.43-1.2.s390x",
"product_id": "jetty-jsp-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
"product": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
"product_id": "jetty-minimal-javadoc-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.43-1.2.s390x",
"product": {
"name": "jetty-openid-9.4.43-1.2.s390x",
"product_id": "jetty-openid-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.43-1.2.s390x",
"product": {
"name": "jetty-plus-9.4.43-1.2.s390x",
"product_id": "jetty-plus-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.43-1.2.s390x",
"product": {
"name": "jetty-proxy-9.4.43-1.2.s390x",
"product_id": "jetty-proxy-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.43-1.2.s390x",
"product": {
"name": "jetty-quickstart-9.4.43-1.2.s390x",
"product_id": "jetty-quickstart-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.43-1.2.s390x",
"product": {
"name": "jetty-rewrite-9.4.43-1.2.s390x",
"product_id": "jetty-rewrite-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.43-1.2.s390x",
"product": {
"name": "jetty-security-9.4.43-1.2.s390x",
"product_id": "jetty-security-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.43-1.2.s390x",
"product": {
"name": "jetty-server-9.4.43-1.2.s390x",
"product_id": "jetty-server-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.43-1.2.s390x",
"product": {
"name": "jetty-servlet-9.4.43-1.2.s390x",
"product_id": "jetty-servlet-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.43-1.2.s390x",
"product": {
"name": "jetty-servlets-9.4.43-1.2.s390x",
"product_id": "jetty-servlets-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.43-1.2.s390x",
"product": {
"name": "jetty-start-9.4.43-1.2.s390x",
"product_id": "jetty-start-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.43-1.2.s390x",
"product": {
"name": "jetty-util-9.4.43-1.2.s390x",
"product_id": "jetty-util-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.43-1.2.s390x",
"product": {
"name": "jetty-util-ajax-9.4.43-1.2.s390x",
"product_id": "jetty-util-ajax-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.43-1.2.s390x",
"product": {
"name": "jetty-webapp-9.4.43-1.2.s390x",
"product_id": "jetty-webapp-9.4.43-1.2.s390x"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.43-1.2.s390x",
"product": {
"name": "jetty-xml-9.4.43-1.2.s390x",
"product_id": "jetty-xml-9.4.43-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "jetty-annotations-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-annotations-9.4.43-1.2.x86_64",
"product_id": "jetty-annotations-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-ant-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-ant-9.4.43-1.2.x86_64",
"product_id": "jetty-ant-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-cdi-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-cdi-9.4.43-1.2.x86_64",
"product_id": "jetty-cdi-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-client-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-client-9.4.43-1.2.x86_64",
"product_id": "jetty-client-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-continuation-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-continuation-9.4.43-1.2.x86_64",
"product_id": "jetty-continuation-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-deploy-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-deploy-9.4.43-1.2.x86_64",
"product_id": "jetty-deploy-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-fcgi-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-fcgi-9.4.43-1.2.x86_64",
"product_id": "jetty-fcgi-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-http-9.4.43-1.2.x86_64",
"product_id": "jetty-http-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-http-spi-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-http-spi-9.4.43-1.2.x86_64",
"product_id": "jetty-http-spi-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-io-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-io-9.4.43-1.2.x86_64",
"product_id": "jetty-io-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jaas-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-jaas-9.4.43-1.2.x86_64",
"product_id": "jetty-jaas-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jmx-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-jmx-9.4.43-1.2.x86_64",
"product_id": "jetty-jmx-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jndi-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-jndi-9.4.43-1.2.x86_64",
"product_id": "jetty-jndi-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-jsp-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-jsp-9.4.43-1.2.x86_64",
"product_id": "jetty-jsp-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"product_id": "jetty-minimal-javadoc-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-openid-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-openid-9.4.43-1.2.x86_64",
"product_id": "jetty-openid-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-plus-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-plus-9.4.43-1.2.x86_64",
"product_id": "jetty-plus-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-proxy-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-proxy-9.4.43-1.2.x86_64",
"product_id": "jetty-proxy-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-quickstart-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-quickstart-9.4.43-1.2.x86_64",
"product_id": "jetty-quickstart-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-rewrite-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-rewrite-9.4.43-1.2.x86_64",
"product_id": "jetty-rewrite-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-security-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-security-9.4.43-1.2.x86_64",
"product_id": "jetty-security-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-server-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-server-9.4.43-1.2.x86_64",
"product_id": "jetty-server-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlet-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-servlet-9.4.43-1.2.x86_64",
"product_id": "jetty-servlet-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-servlets-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-servlets-9.4.43-1.2.x86_64",
"product_id": "jetty-servlets-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-start-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-start-9.4.43-1.2.x86_64",
"product_id": "jetty-start-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-util-9.4.43-1.2.x86_64",
"product_id": "jetty-util-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-util-ajax-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-util-ajax-9.4.43-1.2.x86_64",
"product_id": "jetty-util-ajax-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-webapp-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-webapp-9.4.43-1.2.x86_64",
"product_id": "jetty-webapp-9.4.43-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "jetty-xml-9.4.43-1.2.x86_64",
"product": {
"name": "jetty-xml-9.4.43-1.2.x86_64",
"product_id": "jetty-xml-9.4.43-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-annotations-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-annotations-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x"
},
"product_reference": "jetty-annotations-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-annotations-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-annotations-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-ant-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-ant-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x"
},
"product_reference": "jetty-ant-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-ant-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-ant-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-cdi-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-cdi-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x"
},
"product_reference": "jetty-cdi-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-cdi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-cdi-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-client-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-client-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x"
},
"product_reference": "jetty-client-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-client-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-client-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-continuation-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-continuation-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x"
},
"product_reference": "jetty-continuation-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-continuation-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-continuation-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-deploy-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-deploy-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x"
},
"product_reference": "jetty-deploy-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-deploy-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-deploy-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-fcgi-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-fcgi-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x"
},
"product_reference": "jetty-fcgi-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-fcgi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-fcgi-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-http-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-http-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x"
},
"product_reference": "jetty-http-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-http-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-http-spi-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-http-spi-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x"
},
"product_reference": "jetty-http-spi-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-http-spi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-http-spi-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-io-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-io-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x"
},
"product_reference": "jetty-io-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-io-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-io-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-jaas-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-jaas-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x"
},
"product_reference": "jetty-jaas-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jaas-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-jaas-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-jmx-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-jmx-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x"
},
"product_reference": "jetty-jmx-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jmx-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-jmx-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-jndi-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-jndi-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x"
},
"product_reference": "jetty-jndi-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jndi-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-jndi-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-jsp-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-jsp-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x"
},
"product_reference": "jetty-jsp-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-jsp-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-jsp-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x"
},
"product_reference": "jetty-minimal-javadoc-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-minimal-javadoc-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-openid-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-openid-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x"
},
"product_reference": "jetty-openid-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-openid-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-openid-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-plus-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-plus-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x"
},
"product_reference": "jetty-plus-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-plus-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-plus-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-proxy-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-proxy-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x"
},
"product_reference": "jetty-proxy-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-proxy-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-proxy-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-quickstart-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-quickstart-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x"
},
"product_reference": "jetty-quickstart-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-quickstart-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-quickstart-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-rewrite-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-rewrite-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x"
},
"product_reference": "jetty-rewrite-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-rewrite-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-rewrite-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-security-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-security-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x"
},
"product_reference": "jetty-security-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-security-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-security-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-server-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-server-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x"
},
"product_reference": "jetty-server-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-server-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-server-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-servlet-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-servlet-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x"
},
"product_reference": "jetty-servlet-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlet-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-servlet-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-servlets-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-servlets-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x"
},
"product_reference": "jetty-servlets-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-servlets-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-servlets-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-start-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-start-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x"
},
"product_reference": "jetty-start-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-start-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-start-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-util-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-util-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x"
},
"product_reference": "jetty-util-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-util-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-util-ajax-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-util-ajax-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x"
},
"product_reference": "jetty-util-ajax-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-util-ajax-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-util-ajax-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-webapp-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-webapp-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x"
},
"product_reference": "jetty-webapp-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-webapp-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-webapp-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.43-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64"
},
"product_reference": "jetty-xml-9.4.43-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.43-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le"
},
"product_reference": "jetty-xml-9.4.43-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.43-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x"
},
"product_reference": "jetty-xml-9.4.43-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jetty-xml-9.4.43-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
},
"product_reference": "jetty-xml-9.4.43-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27218"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27218",
"url": "https://www.suse.com/security/cve/CVE-2020-27218"
},
{
"category": "external",
"summary": "SUSE Bug 1179727 for CVE-2020-27218",
"url": "https://bugzilla.suse.com/1179727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-27218"
},
{
"cve": "CVE-2020-27223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-27223"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \"quality\" (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-27223",
"url": "https://www.suse.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "SUSE Bug 1182898 for CVE-2020-27223",
"url": "https://bugzilla.suse.com/1182898"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-27223"
},
{
"cve": "CVE-2021-28163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28163"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28163",
"url": "https://www.suse.com/security/cve/CVE-2021-28163"
},
{
"category": "external",
"summary": "SUSE Bug 1184366 for CVE-2021-28163",
"url": "https://bugzilla.suse.com/1184366"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-28163"
},
{
"cve": "CVE-2021-28164",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28164"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28164",
"url": "https://www.suse.com/security/cve/CVE-2021-28164"
},
{
"category": "external",
"summary": "SUSE Bug 1184368 for CVE-2021-28164",
"url": "https://bugzilla.suse.com/1184368"
},
{
"category": "external",
"summary": "SUSE Bug 1188438 for CVE-2021-28164",
"url": "https://bugzilla.suse.com/1188438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-28164"
},
{
"cve": "CVE-2021-28165",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28165"
}
],
"notes": [
{
"category": "general",
"text": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28165",
"url": "https://www.suse.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "SUSE Bug 1184367 for CVE-2021-28165",
"url": "https://bugzilla.suse.com/1184367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-28165"
},
{
"cve": "CVE-2021-28169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28169"
}
],
"notes": [
{
"category": "general",
"text": "For Eclipse Jetty versions \u003c= 9.4.40, \u003c= 10.0.2, \u003c= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28169",
"url": "https://www.suse.com/security/cve/CVE-2021-28169"
},
{
"category": "external",
"summary": "SUSE Bug 1187117 for CVE-2021-28169",
"url": "https://bugzilla.suse.com/1187117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-28169"
},
{
"cve": "CVE-2021-34429",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-34429"
}
],
"notes": [
{
"category": "general",
"text": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-34429",
"url": "https://www.suse.com/security/cve/CVE-2021-34429"
},
{
"category": "external",
"summary": "SUSE Bug 1188438 for CVE-2021-34429",
"url": "https://bugzilla.suse.com/1188438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-annotations-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-ant-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-cdi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-client-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-continuation-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-deploy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-fcgi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-http-spi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-io-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jaas-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jmx-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jndi-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-jsp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-minimal-javadoc-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-openid-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-plus-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-proxy-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-quickstart-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-rewrite-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-security-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-server-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlet-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-servlets-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-start-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-util-ajax-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-webapp-9.4.43-1.2.x86_64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.aarch64",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.ppc64le",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.s390x",
"openSUSE Tumbleweed:jetty-xml-9.4.43-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-34429"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…