Miggo Logo

CVE-2021-28163: Directory exposure in jetty

2.7

CVSS Score
3.1

Basic Information

EPSS Score
0.40334%
Published
4/6/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.eclipse.jetty:jetty-deploymaven>= 9.4.32, < 9.4.399.4.39
org.eclipse.jetty:jetty-deploymaven>= 10.0.0, < 10.0.210.0.2
org.eclipse.jetty:jetty-deploymaven>= 11.0.0, < 11.0.211.0.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis:
In progress

WAF Protection Rules

WAF Rule

### Imp**t I* t** `${j*tty.**s*}` *ir**tory or t** `${j*tty.**s*}/w***pps` *ir**tory is * symlink (so*t link in Linux), t** *ont*nts o* t** `${j*tty.**s*}/w***pps` *ir**tory m*y ** **ploy** *s * st*ti* w** *ppli**tion, *xposin* t** *ont*nt o* t** *ir

Reasoning

No *n*lysis *v*il**l*