Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:1509: Red Hat Security Advisory: rh-eclipse-jetty security update

An update for rh-eclipse-jetty is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Jetty is a 100% Java HTTP Server and Servlet Container. The following packages have been upgraded to a later upstream version: rh-eclipse-jetty (9.4.40). Security Fix(es):

  • jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
  • jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
  • jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
  • CVE-2021-28163: jetty: Symlink directory exposes webapp directory contents
  • CVE-2021-28164: jetty: Ambiguous paths can access WEB-INF
  • CVE-2021-28165: jetty: Resource exhaustion when receiving an invalid large TLS frame
Red Hat Security Data
#vulnerability#web#red_hat#java

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update