Eclipse Jetty Information Disclosure Vulnerability

admin 2023-12-01 17:53:59 Ali_nvd Source: ZONE.CI 全球网
Low severity: Eclipse Jetty Information Disclosure Vulnerability

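CVE ID

CVE-2020-27218

Exploitation status

None yet

Patch status

Official patch

Disclosure date

2020-11-28
Vulnerability description
Eclipse Jetty is an open-source, Java-based web server and Java Servlet container from the Eclipse Foundation. Eclipse Jetty contains an information disclosure vulnerability. An attacker can exploit this vulnerability to add or modify data. Affected systems: Eclipse Jetty <= 9.4.32.v20200930; Eclipse Jetty <= 11.0.0.beta2; Eclipse Jetty <= 10.0.0.beta2.
Recommended fix
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's page: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892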
Reference links
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
https://security.netapp.com/advisory/ntap-20201218-0003/
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Affected software
Type | Vendor | Product | Version | Affected range
Application | eclipse | jetty | * | From (including) 9.4.0 Up to (excluding) 9.4.35
Application | eclipse | jetty | 10.0.0 | -
Application | eclipse | jetty | 11.0.0 | -
System | debian_10 | jetty9 | * | Up to (excluding) 9.4.50-4+deb10u1
System | debian_11 | jetty9 | * | Up to (excluding) 9.4.35-1
System | debian_12 | jetty9 | * | Up to (excluding) 9.4.35-1
System | debian_9 | jetty9 | * | Up to (including) 9.2.21-1+deb9u1
System | debian_sid | jetty9 | * | Up to (excluding) 9.4.35-1
System | opensuse_Leap_15.2 | jetty-client | * | Up to (excluding) 9.4.35-lp152.2.3.1
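Alibaba Cloud score: 2.1
  • Attack vector: Remote
  • Attack complexity: Difficult
  • Privileges required: Administrative privileges
  • Scope of impact: Limited
  • Exploit maturity: Unverified
  • Patch status: Official patch
  • Data confidentiality: Data leakage
  • Data integrity: Transmission compromised
  • Server impact: None
  • Internet-wide count: N/A
CWE-ID Vulnerability type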
NVD-CWE-noinfo
- avd.aliyun.com