JVNDB-2021-005167:Eclipse Jetty における不正な認証に関する脆弱性

VRDA Feed by

Vulnerability Response Decision Assistance Feed : 脆弱性脅威分析用情報の定型データ配信

[ about VRDA Feed | JPCERT/CC ]

分析対象脆弱性情報 (リビジョン番号 : 1)

[ Download XML ]

JVNDB-2021-005167 ( CVE-2021-28164 | CVE-2021-28164 )

Eclipse Jetty における不正な認証に関する脆弱性

https://jvndb.jvn.jp/ja/contents/2021/JVNDB-2021-005167.html

原文

Eclipse Jetty には、不正な認証に関する脆弱性が存在します。

翻訳 (表示)

この情報について

分析情報提供元:

JVN iPedia

初版公開日:

2021-12-08

分析対象脆弱性情報の分類:

アドバイザリ・注意喚起

最終更新日:

2021-12-08

脆弱性の影響を受ける製品の識別子

cpe:/a:apache:ignite

cpe:/a:apache:solr

cpe:/a:apache:zookeeper

cpe:/a:eclipse:jetty

cpe:/a:netapp:cloud_manager

cpe:/a:netapp:e-series_performance_analyzer

cpe:/a:netapp:e-series_santricity_os_controller

cpe:/a:oracle:agile_product_lifecycle_management_framework

cpe:/a:oracle:communications_session_route_manager

cpe:/a:oracle:siebel_core_-_automation

脆弱性の分析内容

[攻撃元区分] ^[?]

未評価^[?]

ローカル^[?]

隣接^[?]

ネットワーク^[?]

[攻撃条件の複雑さ] ^[?]

未評価^[?]

高^[?]

中^[?]

低^[?]

[攻撃前の認証要否] ^[?]

未評価^[?]

複数^[?]

単一^[?]

不要^[?]

[機密性への影響] ^[?]

未評価^[?]

影響なし^[?]

部分的^[?]

全面的^[?]

[完全性への影響] ^[?]

未評価^[?]

影響なし^[?]

部分的^[?]

全面的^[?]

[可用性への影響] ^[?]

未評価^[?]

影響なし^[?]

部分的^[?]

全面的^[?]

関連情報

Common Vulnerabilities and Exposures (CVE) CVE-2021-28164

National Vulnerability Database (NVD) CVE-2021-28164

参考情報

GitHub Ambiguous paths can access WEB-INF

JVNDB CWE-863 不正な認証

NetApp Advisory NTAP-20210611-0006

Oracle Critical Patch Update Oracle Critical Patch Update Advisory - October 2021

Pony Mail [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0 (t10mhyholw95zpp30921x3vy3dl801gc)

Pony Mail [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39

Pony Mail [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty

Pony Mail [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0

Pony Mail [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr (0wydzldg4f3vdpcp913hvo2505f6j6yg)

Pony Mail [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty

Pony Mail [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr (b2ztyhx3dkx4tshczngs471nw37sr3ss)

Pony Mail [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty (rfdbbos552749kltsvj8rg0sjtx8n830)

Pony Mail [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty (07pmybl0k8q40yg5j85nno8jffzoqnw6)

Pony Mail [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813

Pony Mail [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr (bq17k4cho4y8ftn1pzdn4v746v9dlov6)

Pony Mail [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0 (gv1zs243m7nhcb6xcy4yt79ts4cqyopt)

Pony Mail [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0 (4oscpyotcnptm9gmcv3v3t7sjdvjl75q)

Pony Mail [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813

Pony Mail [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr

Pony Mail [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0 (97hrb5dd80d0qy74go69jryq4942l9pl)

Pony Mail [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0

Pony Mail [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0 (ljjsymnmfc94qb2w8q8pk9f91o1491yp)

Pony Mail [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty