Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.19981
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.19981
<patchinfo incident="19981"> <issue tracker="bnc" id="1184366">VUL-0: CVE-2021-28163: jetty-minimal: leak of the contents of the webapps directory when is deployed as a static webapp</issue> <issue tracker="bnc" id="1184368">VUL-0: CVE-2021-28164: jetty-minimal: the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory</issue> <issue tracker="bnc" id="1184367">VUL-0: CVE-2021-28165: jetty-minimal: CPU usage can reach 100% upon receiving a large invalid TLS frame</issue> <issue tracker="bnc" id="1187117">VUL-0: CVE-2021-28169: jetty-minimal: it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory</issue> <issue tracker="cve" id="2021-28164"/> <issue tracker="cve" id="2021-28169"/> <issue tracker="cve" id="2021-28165"/> <issue tracker="cve" id="2021-28163"/> <packager>fstrba</packager> <rating>important</rating> <category>security</category> <summary>Security update for jetty-minimal</summary> <description>This update for jetty-minimal fixes the following issues: Update to version 9.4.42.v20210604 - Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor