In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-04-01 15:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-28163
Mitre link : CVE-2021-28163
CVE.ORG link : CVE-2021-28163
JSON object : View
Products Affected
netapp
- e-series_santricity_web_services
- e-series_performance_analyzer
- vasa_provider_for_clustered_data_ontap
- e-series_santricity_os_controller
- snapcenter_plug-in
- cloud_manager
- virtual_storage_console
- snapcenter
- storage_replication_adapter_for_clustered_data_ontap
- santricity_cloud_connector
- element_plug-in_for_vcenter_server
oracle
- banking_digital_experience
- communications_session_report_manager
- banking_apis
- autovue_for_agile_product_lifecycle_management
- siebel_core_-_automation
- communications_element_manager
- communications_services_gatekeeper
- communications_session_route_manager
apache
- solr
- ignite
fedoraproject
- fedora
eclipse
- jetty