Details of VAR-202107-1585

ID

VAR-202107-1585

CVE

CVE-2021-34429

TITLE

Eclipse Jetty Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-009832

DESCRIPTION

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Eclipse Jetty Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat AMQ Broker 7.9.0 release and security update Advisory ID: RHSA-2021:3700-01 Product: Red Hat JBoss AMQ Advisory URL: https://access.redhat.com/errata/RHSA-2021:3700 Issue date: 2021-09-30 Keywords: amq,messaging,integration,broker CVE Names: CVE-2020-13956 CVE-2020-27223 CVE-2021-3425 CVE-2021-3763 CVE-2021-20289 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVE-2021-29425 CVE-2021-34428 CVE-2021-34429 ===================================================================== 1. Summary: Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Security Fix(es): * httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956) * jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223) * resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289) * netty: Information disclosure via the local system temporary directory (CVE-2021-21290) * netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295) * netty: Request smuggling via content-length header (CVE-2021-21409) * jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163) * jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164) * jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165) * jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169) * commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425) * broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425) * jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428) * jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429) * broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update). 4. Bugs fixed (https://bugzilla.redhat.com/): 1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS 1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information 1936629 - CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents 1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF 1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame 1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory 1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout 1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2000654 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console 5. References: https://access.redhat.com/security/cve/CVE-2020-13956 https://access.redhat.com/security/cve/CVE-2020-27223 https://access.redhat.com/security/cve/CVE-2021-3425 https://access.redhat.com/security/cve/CVE-2021-3763 https://access.redhat.com/security/cve/CVE-2021-20289 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/cve/CVE-2021-28163 https://access.redhat.com/security/cve/CVE-2021-28164 https://access.redhat.com/security/cve/CVE-2021-28165 https://access.redhat.com/security/cve/CVE-2021-28169 https://access.redhat.com/security/cve/CVE-2021-29425 https://access.redhat.com/security/cve/CVE-2021-34428 https://access.redhat.com/security/cve/CVE-2021-34429 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.9.0 https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYVWKK9zjgjWX9erEAQiu0A/+NJe1AtB06jaucFaOVo6/q4A3geYdiNfX aU44bpkaYfOHdYkd2Ec59L3ImNIUCYMxUZIWhNfyUwMKAGxRnj2Q0tzm3O6ZCwcL 3DIVXlJHfrQHN8rZ38rG0bi4l4OnnSV1y2kskqkOITFcv6N0MmyQ8+rzG/m5VHC6 c9IBl0zXGZs+8sXDsXzN7tabdieUmke1FyR1SV/YsR9rnnm1cZJcfJqJcKWeKD0v GMvKjgq6VImt8xAZbaOHWzV3+PfinisPh7XYRabE87EAyMFmy5jWclZrg8UhsaYX DEV2+wis3jgANdAgvNox/7camxSciogKKSTxc8ZTPaok33GeudET5pmVbac9sQsc e/jrTvN+AnHMtGoQQwAHPQH3DMjomzd1vmjV4aI6UfearT0GlkLLMVcn6wp2OQ7w d+yh2QnDGXUHLYCkAcvNVklL8ZGlhxgV9zdhoYVSdiZPXAQNvfCDgNilzMaJKXmF k2sR0BB3wnSG7//dUTbNTbBQw8JpuYesDpUC+JYMWErnFak9MGj0Q+ISfxYE9vC5 LSiCsqNHibsGcA5XpVVvO4q/LM6mwhCozD4WXrCw3xl4n4EWWiTQceF+yYSRtsmn pWcWk56HHAlr5Qs9jRuW90pzyf8X/T9rEmugb62Z7SGSUH/A4xJxLpZJHb4q/whu hBENV2qm+t4= =l+R3 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Security Fix(es): * jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429) * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136) * netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137) * Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153) * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 5

Trust: 2.52

sources: NVD: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // PACKETSTORM: 164346 // PACKETSTORM: 165564

AFFECTED PRODUCTS

vendor:	oracle	model:	communications cloud native core security edge protection proxy	scope:	eq	version:	1.5.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	11.0	Trust: 1.0
vendor:	netapp	model:	snapcenter plug-in	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.5.0.2	Trust: 1.0
vendor:	oracle	model:	financial services crime and compliance management studio	scope:	eq	version:	8.0.8.2.0	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	lt	version:	9.4.43	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0.0	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications cloud native core unified data repository	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	oracle	model:	retail eftlink	scope:	eq	version:	20.0.1	Trust: 1.0
vendor:	oracle	model:	rest data services	scope:	lt	version:	22.1.1	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	gte	version:	11.0.1	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	stream analytics	scope:	lt	version:	19.1.0.0.6.4	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	gte	version:	9.4.37	Trust: 1.0
vendor:	oracle	model:	communications cloud native core binding support function	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	lt	version:	11.0.6	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	gte	version:	10.0.1	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	11.70.1	Trust: 1.0
vendor:	oracle	model:	communications cloud native core service communication proxy	scope:	eq	version:	1.14.0	Trust: 1.0
vendor:	oracle	model:	autovue for agile product lifecycle management	scope:	eq	version:	21.0.2	Trust: 1.0
vendor:	oracle	model:	stream analytics	scope:	eq	version:	19c	Trust: 1.0
vendor:	netapp	model:	e-series santricity web services	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	element plug-in for vcenter server	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	eclipse	model:	jetty	scope:	lt	version:	10.0.6	Trust: 1.0
vendor:	oracle	model:	financial services crime and compliance management studio	scope:	eq	version:	8.0.8.3.0	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller software	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	snapcenter plug-in	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications cloud native core binding support function	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications cloud native core security edge protection proxy	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	e-series santricity web services	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	hci management node	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	element plug-in for vcenter server	scope:	-	version:	-	Trust: 0.8
vendor:	eclipse	model:	jetty	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	solidfire	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	snap creator framework	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009832 // NVD: CVE-2021-34429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-34429
value:	MEDIUM
Trust: 1.0
emo@eclipse.org:	CVE-2021-34429
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-34429
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1094
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-394611
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-34429
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-34429
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-394611
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-34429
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-009832
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429 // NVD: CVE-2021-34429

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-551	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-394611 // JVNDB: JVNDB-2021-009832 // NVD: CVE-2021-34429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1094

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-394611

PATCH

title:	Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Update	url:	https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm	Trust: 0.8
title:	Eclipse Jetty Repair measures for information disclosure vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=158187	Trust: 0.6
title:	Debian CVElist Bug Report Logs: jetty9: CVE-2021-34429	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=958d7f11470eb2595bad01a01f3abf85	Trust: 0.1
title:	Red Hat: CVE-2021-34429	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-34429	Trust: 0.1
title:	CVE-2021-34429	url:	https://github.com/ColdFusionX/CVE-2021-34429	Trust: 0.1
title:	JETTY CVE-2021-34429	url:	https://github.com/cwh945/JETTY-POC	Trust: 0.1

sources: VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202107-1094

EXTERNAL IDS

db:	NVD	id:	CVE-2021-34429	Trust: 3.6
db:	PACKETSTORM	id:	165564	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-009832	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1094	Trust: 0.7
db:	EXPLOIT-DB	id:	50478	Trust: 0.7
db:	PACKETSTORM	id:	164346	Trust: 0.7
db:	CS-HELP	id:	SB2022012750	Trust: 0.6
db:	CS-HELP	id:	SB2022072013	Trust: 0.6
db:	CS-HELP	id:	SB2022042520	Trust: 0.6
db:	CS-HELP	id:	SB2021093016	Trust: 0.6
db:	CS-HELP	id:	SB2022072091	Trust: 0.6
db:	CS-HELP	id:	SB2022060717	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3256	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2879	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0195	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3156	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-394611	Trust: 0.1
db:	VULMON	id:	CVE-2021-34429	Trust: 0.1

sources: VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // PACKETSTORM: 164346 // PACKETSTORM: 165564 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.3
url:	https://github.com/eclipse/jetty.project/security/advisories/ghsa-vjv5-gp2w-65vm	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210819-0006/	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34429	Trust: 1.0
url:	https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3ccommits.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3cdev.santuario.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3ccommits.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3cdev.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3cdev.hbase.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3ccommits.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3cdev.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3cissues.hbase.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3ccommits.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3ccommits.pulsar.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3cnotifications.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3cissues.zookeeper.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3cjira.kafka.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3cissues.hbase.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread/t2ypp3t3v7n1p12h4yclp8fopf7dmryb	Trust: 0.8
url:	https://lists.apache.org/thread/x07thv8bylkgxpqkmp2wvrj1po2dm8mq	Trust: 0.8
url:	https://lists.apache.org/thread/lyt8zcojbszzo2xnyzkm695rh6w26mb8	Trust: 0.8
url:	https://lists.apache.org/thread/0w67910oxj7t53c0ql56h7744jkzvgxf	Trust: 0.8
url:	https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3cdev.hbase.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3cissues.hbase.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3cissues.hbase.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3ccommits.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3ccommits.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3ccommits.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3cdev.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3cjira.kafka.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3ccommits.pulsar.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3cdev.santuario.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3ccommits.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3cdev.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3cissues.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3cnotifications.zookeeper.apache.org%3e	Trust: 0.7
url:	https://packetstormsecurity.com/files/165564/red-hat-security-advisory-2022-0138-06.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072013	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0195	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060717	Trust: 0.6
url:	https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042520	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6527232	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072091	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021093016	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50478	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2879	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://vigilance.fr/vulnerability/eclipse-jetty-information-disclosure-via-web-inf-directory-access-35918	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3256	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3156	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012750	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2021-34429	Trust: 0.2
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2021:3700	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28163	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27223	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28165	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28164	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29425	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-20289	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-34428	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3425	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21295	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21290	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29425	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21295	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.9.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21409	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28163	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21409	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27223	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3425	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3763	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34428	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3763	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28164	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21290	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-28169	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20289	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-28165	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44832	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37137	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37137	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44832	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37136	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-38153	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.0.0	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0138	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38153	Trust: 0.1

sources: VULHUB: VHN-394611 // JVNDB: JVNDB-2021-009832 // PACKETSTORM: 164346 // PACKETSTORM: 165564 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 164346 // PACKETSTORM: 165564

SOURCES

db:	VULHUB	id:	VHN-394611
db:	VULMON	id:	CVE-2021-34429
db:	JVNDB	id:	JVNDB-2021-009832
db:	PACKETSTORM	id:	164346
db:	PACKETSTORM	id:	165564
db:	CNNVD	id:	CNNVD-202107-1094
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-34429

LAST UPDATE DATE

2024-08-14T12:08:34.292000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-394611	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2021-34429	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-009832	date:	2022-05-31T08:12:00
db:	CNNVD	id:	CNNVD-202107-1094	date:	2022-10-28T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-34429	date:	2023-11-07T03:35:59.680

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-394611	date:	2021-07-15T00:00:00
db:	VULMON	id:	CVE-2021-34429	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-009832	date:	2022-05-31T00:00:00
db:	PACKETSTORM	id:	164346	date:	2021-09-30T16:39:42
db:	PACKETSTORM	id:	165564	date:	2022-01-14T15:29:02
db:	CNNVD	id:	CNNVD-202107-1094	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-34429	date:	2021-07-15T17:15:08.637