ID

VAR-202107-1585


CVE

CVE-2021-34429


TITLE

Eclipse Jetty Authentication Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2021-009832

DESCRIPTION

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Eclipse Jetty contains an improper authentication vulnerability. Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation.

Red Hat Security Advisory

Synopsis: Moderate: Red Hat AMQ Broker 7.9.0 release and security update
Advisory ID: RHSA-2021:3700-01
Product: Red Hat JBoss AMQ
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3700
Issue date: 2021-09-30
Keywords: amq,messaging,integration,broker
CVE Names: CVE-2020-13956 CVE-2020-27223 CVE-2021-3425 CVE-2021-3763 CVE-2021-20289 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 CVE-2021-28163 CVE-2021-28164 CVE-2021-28165 CVE-2021-28169 CVE-2021-29425 CVE-2021-34428 CVE-2021-34429

1. Summary:

Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.

This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs (CVE-2020-13956)
* jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS (CVE-2020-27223)
* resteasy-jaxrs: resteasy: Error message exposes endpoint class information (CVE-2021-20289)
* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
* netty: Request smuggling via content-length header (CVE-2021-21409)
* jetty-server: jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
* jetty-server: jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
* jetty-server: jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)
* jetty-server: jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory (CVE-2021-28169)
* commons-io: apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)
* broker: Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)
* jetty-server: jetty: SessionListener can prevent a session from being invalidated breaking logout (CVE-2021-34428)
* jetty-server: jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
* broker: AMQ Broker 7: Incorrect privilege in Management Console (CVE-2021-3763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link (you must log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1886587 - CVE-2020-13956 apache-httpclient: incorrect handling of malformed authority component in request URIs
1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1936629 - CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file
1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header
1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF
1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
1948752 - CVE-2021-29425 apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6
1971016 - CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
1974891 - CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout
1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints
2000654 - CVE-2021-3763 AMQ Broker 7: Incorrect privilege in Management Console

5. References:

https://access.redhat.com/security/cve/CVE-2020-13956
https://access.redhat.com/security/cve/CVE-2020-27223
https://access.redhat.com/security/cve/CVE-2021-3425
https://access.redhat.com/security/cve/CVE-2021-3763
https://access.redhat.com/security/cve/CVE-2021-20289
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-28163
https://access.redhat.com/security/cve/CVE-2021-28164
https://access.redhat.com/security/cve/CVE-2021-28165
https://access.redhat.com/security/cve/CVE-2021-28169
https://access.redhat.com/security/cve/CVE-2021-29425
https://access.redhat.com/security/cve/CVE-2021-34428
https://access.redhat.com/security/cve/CVE-2021-34429
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.9.0
https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.

Security Fix(es):

* jetty: crafted URIs allow bypassing security constraints (CVE-2021-34429)
* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data (CVE-2021-37136)
* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
* Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)
* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bugs fixed (https://bugzilla.redhat.com/):

1985223 - CVE-2021-34429 jetty: crafted URIs allow bypassing security constraints
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender

5

Trust: 2.52

sources: NVD: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // PACKETSTORM: 164346 // PACKETSTORM: 165564

AFFECTED PRODUCTS

vendor: oracle, model: communications cloud native core security edge protection proxy, scope: eq, version: 1.5.0

Trust: 1.0

vendor: netapp, model: e-series santricity os controller, scope: gte, version: 11.0

Trust: 1.0

vendor: netapp, model: snapcenter plug-in, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: lte, version: 8.5.0.2

Trust: 1.0

vendor: oracle, model: financial services crime and compliance management studio, scope: eq, version: 8.0.8.2.0

Trust: 1.0

vendor: eclipse, model: jetty, scope: lt, version: 9.4.43

Trust: 1.0

vendor: oracle, model: communications diameter signaling router, scope: gte, version: 8.0.0.0

Trust: 1.0

vendor: netapp, model: solidfire, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: communications cloud native core unified data repository, scope: eq, version: 1.14.0

Trust: 1.0

vendor: oracle, model: retail eftlink, scope: eq, version: 20.0.1

Trust: 1.0

vendor: oracle, model: rest data services, scope: lt, version: 22.1.1

Trust: 1.0

vendor: eclipse, model: jetty, scope: gte, version: 11.0.1

Trust: 1.0

vendor: netapp, model: snap creator framework, scope: eq, version: -

Trust: 1.0

vendor: oracle, model: stream analytics, scope: lt, version: 19.1.0.0.6.4

Trust: 1.0

vendor: eclipse, model: jetty, scope: gte, version: 9.4.37

Trust: 1.0

vendor: oracle, model: communications cloud native core binding support function, scope: eq, version: 1.10.0

Trust: 1.0

vendor: eclipse, model: jetty, scope: lt, version: 11.0.6

Trust: 1.0

vendor: eclipse, model: jetty, scope: gte, version: 10.0.1

Trust: 1.0

vendor: netapp, model: e-series santricity os controller, scope: lte, version: 11.70.1

Trust: 1.0

vendor: oracle, model: communications cloud native core service communication proxy, scope: eq, version: 1.14.0

Trust: 1.0

vendor: oracle, model: autovue for agile product lifecycle management, scope: eq, version: 21.0.2

Trust: 1.0

vendor: oracle, model: stream analytics, scope: eq, version: 19c

Trust: 1.0

vendor: netapp, model: e-series santricity web services, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: element plug-in for vcenter server, scope: eq, version: -

Trust: 1.0

vendor: netapp, model: hci management node, scope: eq, version: -

Trust: 1.0

vendor: eclipse, model: jetty, scope: lt, version: 10.0.6

Trust: 1.0

vendor: oracle, model: financial services crime and compliance management studio, scope: eq, version: 8.0.8.3.0

Trust: 1.0

vendor: netapp, model: e-series santricity os controller software, scope: -, version: -

Trust: 0.8

vendor: netapp, model: snapcenter plug-in, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle communications cloud native core binding support function, scope: -, version: -

Trust: 0.8

vendor: Oracle, model: oracle communications cloud native core security edge protection proxy, scope: -, version: -

Trust: 0.8

vendor: netapp, model: e-series santricity web services, scope: -, version: -

Trust: 0.8

vendor: netapp, model: hci management node, scope: -, version: -

Trust: 0.8

vendor: netapp, model: element plug-in for vcenter server, scope: -, version: -

Trust: 0.8

vendor: eclipse, model: jetty, scope: -, version: -

Trust: 0.8

vendor: netapp, model: solidfire, scope: -, version: -

Trust: 0.8

vendor: netapp, model: snap creator framework, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009832 // NVD: CVE-2021-34429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-34429
value: MEDIUM

Trust: 1.0

emo@eclipse.org: CVE-2021-34429
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-34429
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202107-1094
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-394611
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-34429
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-34429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-394611
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-34429
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-009832
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429 // NVD: CVE-2021-34429

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-551

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Bad authentication (CWE-863) [NVD Evaluation]

Trust: 0.8

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-394611 // JVNDB: JVNDB-2021-009832 // NVD: CVE-2021-34429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1094

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-394611

PATCH

title: Oracle Critical Patch Update Advisory - April 2022 Oracle Critical Patch Update
url: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm

Trust: 0.8

title: Eclipse Jetty Repair measures for information disclosure vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=158187

Trust: 0.6

title: Debian CVElist Bug Report Logs: jetty9: CVE-2021-34429
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=958d7f11470eb2595bad01a01f3abf85

Trust: 0.1

title: Red Hat: CVE-2021-34429
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-34429

Trust: 0.1

title: CVE-2021-34429
url: https://github.com/ColdFusionX/CVE-2021-34429

Trust: 0.1

title: JETTY CVE-2021-34429
url: https://github.com/cwh945/JETTY-POC

Trust: 0.1

sources: VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // CNNVD: CNNVD-202107-1094

EXTERNAL IDS

db: NVD, id: CVE-2021-34429

Trust: 3.6

db: PACKETSTORM, id: 165564

Trust: 0.8

db: JVNDB, id: JVNDB-2021-009832

Trust: 0.8

db: CNNVD, id: CNNVD-202107-1094

Trust: 0.7

db: EXPLOIT-DB, id: 50478

Trust: 0.7

db: PACKETSTORM, id: 164346

Trust: 0.7

db: CS-HELP, id: SB2022012750

Trust: 0.6

db: CS-HELP, id: SB2022072013

Trust: 0.6

db: CS-HELP, id: SB2022042520

Trust: 0.6

db: CS-HELP, id: SB2021093016

Trust: 0.6

db: CS-HELP, id: SB2022072091

Trust: 0.6

db: CS-HELP, id: SB2022060717

Trust: 0.6

db: AUSCERT, id: ESB-2021.3256

Trust: 0.6

db: AUSCERT, id: ESB-2021.2879

Trust: 0.6

db: AUSCERT, id: ESB-2022.4174

Trust: 0.6

db: AUSCERT, id: ESB-2022.0195

Trust: 0.6

db: AUSCERT, id: ESB-2022.3156

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-394611

Trust: 0.1

db: VULMON, id: CVE-2021-34429

Trust: 0.1

sources: VULHUB: VHN-394611 // VULMON: CVE-2021-34429 // JVNDB: JVNDB-2021-009832 // PACKETSTORM: 164346 // PACKETSTORM: 165564 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://github.com/eclipse/jetty.project/security/advisories/ghsa-vjv5-gp2w-65vm

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20210819-0006/

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-34429

Trust: 1.0

url:https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3ccommits.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3cdev.santuario.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3ccommits.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3cdev.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3cdev.hbase.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3ccommits.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3cdev.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3cissues.hbase.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3ccommits.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3ccommits.pulsar.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3cnotifications.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3cissues.zookeeper.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3cjira.kafka.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3cissues.hbase.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread/t2ypp3t3v7n1p12h4yclp8fopf7dmryb

Trust: 0.8

url:https://lists.apache.org/thread/x07thv8bylkgxpqkmp2wvrj1po2dm8mq

Trust: 0.8

url:https://lists.apache.org/thread/lyt8zcojbszzo2xnyzkm695rh6w26mb8

Trust: 0.8

url:https://lists.apache.org/thread/0w67910oxj7t53c0ql56h7744jkzvgxf

Trust: 0.8

url:https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3cdev.hbase.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3cissues.hbase.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3cissues.hbase.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3ccommits.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3ccommits.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3ccommits.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3cdev.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3cjira.kafka.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3ccommits.pulsar.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3ccommits.pulsar.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3ccommits.pulsar.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3cdev.santuario.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3ccommits.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3ccommits.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3cdev.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3cissues.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3cnotifications.zookeeper.apache.org%3e

Trust: 0.7

url:https://packetstormsecurity.com/files/165564/red-hat-security-advisory-2022-0138-06.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072013

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0195

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060717

Trust: 0.6

url:https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042520

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6527232

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072091

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021093016

Trust: 0.6

url:https://www.exploit-db.com/exploits/50478

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2879

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4174

Trust: 0.6

url:https://vigilance.fr/vulnerability/eclipse-jetty-information-disclosure-via-web-inf-directory-access-35918

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3256

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3156

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012750

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-34429

Trust: 0.2

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/errata/rhsa-2021:3700

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q4

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28163

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28164

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20289

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34428

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3425

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21295

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28169

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29425

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21295

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.broker&version=7.9.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21409

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28163

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21409

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3425

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3763

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-34428

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3763

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28164

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13956

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20289

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44832

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37137

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44832

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37136

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38153

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.amq.streams&version=2.0.0

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:0138

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38153

Trust: 0.1

sources: VULHUB: VHN-394611 // JVNDB: JVNDB-2021-009832 // PACKETSTORM: 164346 // PACKETSTORM: 165564 // CNNVD: CNNVD-202107-1094 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-34429

CREDITS

Red Hat

Trust: 0.2

sources: PACKETSTORM: 164346 // PACKETSTORM: 165564

SOURCES

db: VULHUB, id: VHN-394611
db: VULMON, id: CVE-2021-34429
db: JVNDB, id: JVNDB-2021-009832
db: PACKETSTORM, id: 164346
db: PACKETSTORM, id: 165564
db: CNNVD, id: CNNVD-202107-1094
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-34429

LAST UPDATE DATE

2024-08-14T12:08:34.292000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-394611, date: 2022-10-27T00:00:00
db: VULMON, id: CVE-2021-34429, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2021-009832, date: 2022-05-31T08:12:00
db: CNNVD, id: CNNVD-202107-1094, date: 2022-10-28T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-34429, date: 2023-11-07T03:35:59.680

SOURCES RELEASE DATE

db: VULHUB, id: VHN-394611, date: 2021-07-15T00:00:00
db: VULMON, id: CVE-2021-34429, date: 2021-07-15T00:00:00
db: JVNDB, id: JVNDB-2021-009832, date: 2022-05-31T00:00:00
db: PACKETSTORM, id: 164346, date: 2021-09-30T16:39:42
db: PACKETSTORM, id: 165564, date: 2022-01-14T15:29:02
db: CNNVD, id: CNNVD-202107-1094, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-34429, date: 2021-07-15T17:15:08.637