Description

Your web application uses Jetty's utility servlet - ConcatServlet. Due to the vulnerability in it, an attacker can access protected resources of the web application.

Remediation

Upgrade to the latest version of Jetty

References

CVE-2021-28169

Related Vulnerabilities

GlassFish admin console weak credentials

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8)

WordPress Plugin Download Shortcode Arbitrary File Disclosure (0.1)

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

WordPress Plugin SKU Shortlink For WooCommerce Arbitrary File Disclosure (1.3.4)

Severity

Medium

Classification

CVE-2021-28169 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Configuration