CVE编号
CVE-2021-34429利用情况
暂无补丁情况
官方补丁披露时间
2021-07-16漏洞描述
Eclipse Jetty 部分版本存在安全漏洞,攻击者可以使用一些编码字符制作 URI 来访问 WEB-INF 目录的内容或绕过一些安全限制。解决建议
受影响版本:9.4.37
10.0.1
11.0.1
建议升级至安全版本,参考以下链接:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
参考链接 |
|
|---|---|
| https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm | |
| https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f4... | |
| https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e... | |
| https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803e... | |
| https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9f... | |
| https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e76625... | |
| https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d0... | |
| https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f107... | |
| https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb... | |
| https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7... | |
| https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68... | |
| https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132... | |
| https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c7... | |
| https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc627... | |
| https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a7... | |
| https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d507... | |
| https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfe... | |
| https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e... | |
| https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e81... | |
| https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62... | |
| https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4... | |
| https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a... | |
| https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2... | |
| https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd320... | |
| https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf2... | |
| https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259... | |
| https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9... | |
| https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0... | |
| https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d... | |
| https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399b... | |
| https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441... | |
| https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e9444079... | |
| https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cda... | |
| https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6... | |
| https://security.netapp.com/advisory/ntap-20210819-0006/ | |
| https://www.oracle.com/security-alerts/cpujan2022.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | * |
From (including) 10.0.1 |
Up to (excluding) 10.0.6 |
||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | * |
From (including) 11.0.1 |
Up to (excluding) 11.0.6 |
||||
| 运行在以下环境 | |||||||||
| 应用 | eclipse | jetty | * |
From (including) 9.4.37 |
Up to (excluding) 9.4.43 |
||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | jetty | * |
Up to (excluding) 9.4.43-3.12.2 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...