CVE-2021-34429 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-34429 PUBLISHED

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

EPSS 93.78% · 99.9th percentile

Risk Scores

EPSS Score

93.78%

99.9th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	jetty9	9.4.45-1, 9.4.44-3, 9.4.44-4
Ubuntu:16.04:LTS	jetty9	9.2.14-1, 0

Timeline

Apr 13, 2021 CVE Published
Jul 16, 2021 EPSS Score
Jul 27, 2021 PoC Published
Jul 29, 2021 EPSS Score
Aug 18, 2021 EPSS Score
Sep 2, 2021 EPSS Score
Sep 22, 2021 EPSS Score
Oct 6, 2021 PoC Published
Oct 9, 2021 EPSS Score
Nov 3, 2021 PoC Published
Nov 4, 2021 EPSS Score
Nov 13, 2021 EPSS Score

References

https://ubuntu.com/security/CVE-2021-34429 third-party-advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-34429 third-party-advisory

Open in Interactive Console →