OVAL Reference oval:org.opensuse.security:def:202134429

Oval Definition:

oval:org.opensuse.security:def:202134429

Revision Date:	2023-06-22	Version:	1
Title:	CVE-2021-34429
Description:	For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	Mitre CVE-2021-34429 SUSE CVE-2021-34429 SUSE-SU-2021:2838-1 openSUSE-SU-2021:2838-1
Platform(s):	openSUSE Leap 15.3 openSUSE Tumbleweed SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP3 SUSE Linux Enterprise Module for Development Tools 15 SP4 SUSE Linux Enterprise Module for Development Tools 15 SP5 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3	Product(s):
Definition Synopsis
openSUSE Tumbleweed is installed AND Package Information jetty-annotations-9.4.43-1.2 is installed OR jetty-ant-9.4.43-1.2 is installed OR jetty-cdi-9.4.43-1.2 is installed OR jetty-client-9.4.43-1.2 is installed OR jetty-continuation-9.4.43-1.2 is installed OR jetty-deploy-9.4.43-1.2 is installed OR jetty-fcgi-9.4.43-1.2 is installed OR jetty-http-9.4.43-1.2 is installed OR jetty-http-spi-9.4.43-1.2 is installed OR jetty-io-9.4.43-1.2 is installed OR jetty-jaas-9.4.43-1.2 is installed OR jetty-jmx-9.4.43-1.2 is installed OR jetty-jndi-9.4.43-1.2 is installed OR jetty-jsp-9.4.43-1.2 is installed OR jetty-minimal-javadoc-9.4.43-1.2 is installed OR jetty-openid-9.4.43-1.2 is installed OR jetty-plus-9.4.43-1.2 is installed OR jetty-proxy-9.4.43-1.2 is installed OR jetty-quickstart-9.4.43-1.2 is installed OR jetty-rewrite-9.4.43-1.2 is installed OR jetty-security-9.4.43-1.2 is installed OR jetty-server-9.4.43-1.2 is installed OR jetty-servlet-9.4.43-1.2 is installed OR jetty-servlets-9.4.43-1.2 is installed OR jetty-start-9.4.43-1.2 is installed OR jetty-util-9.4.43-1.2 is installed OR jetty-util-ajax-9.4.43-1.2 is installed OR jetty-webapp-9.4.43-1.2 is installed OR jetty-xml-9.4.43-1.2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed AND Package Information jetty-http-9.4.43-3.12.2 is installed OR jetty-io-9.4.43-3.12.2 is installed OR jetty-security-9.4.43-3.12.2 is installed OR jetty-server-9.4.43-3.12.2 is installed OR jetty-servlet-9.4.43-3.12.2 is installed OR jetty-util-9.4.43-3.12.2 is installed OR jetty-util-ajax-9.4.43-3.12.2 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed AND Package Information jetty-http-9.4.43-3.12.2 is installed OR jetty-io-9.4.43-3.12.2 is installed OR jetty-security-9.4.43-3.12.2 is installed OR jetty-server-9.4.43-3.12.2 is installed OR jetty-servlet-9.4.43-3.12.2 is installed OR jetty-util-9.4.43-3.12.2 is installed OR jetty-util-ajax-9.4.43-3.12.2 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Desktop 15 SP3 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed OR SUSE Linux Enterprise Server 15 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed OR SUSE Linux Enterprise Storage 7.1 is installed OR SUSE Manager Proxy 4.2 is installed OR SUSE Manager Retail Branch Server 4.2 is installed OR SUSE Manager Server 4.2 is installed AND Package Information jetty-http-9.4.43-3.12.2 is installed OR jetty-io-9.4.43-3.12.2 is installed OR jetty-security-9.4.43-3.12.2 is installed OR jetty-server-9.4.43-3.12.2 is installed OR jetty-servlet-9.4.43-3.12.2 is installed OR jetty-util-9.4.43-3.12.2 is installed OR jetty-util-ajax-9.4.43-3.12.2 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Desktop 15 SP2 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed OR SUSE Linux Enterprise Server 15 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed OR SUSE Linux Enterprise Storage 7 is installed OR SUSE Manager Proxy 4.1 is installed OR SUSE Manager Retail Branch Server 4.1 is installed OR SUSE Manager Server 4.1 is installed AND Package Information jetty-http-9.4.43-3.12.2 is installed OR jetty-io-9.4.43-3.12.2 is installed OR jetty-security-9.4.43-3.12.2 is installed OR jetty-server-9.4.43-3.12.2 is installed OR jetty-servlet-9.4.43-3.12.2 is installed OR jetty-util-9.4.43-3.12.2 is installed OR jetty-util-ajax-9.4.43-3.12.2 is installed
Definition Synopsis
openSUSE Leap 15.3 is installed AND Package Information jetty-annotations-9.4.43-3.12.2 is installed AND jetty-annotations is signed with openSUSE key OR jetty-client-9.4.43-3.12.2 is installed AND jetty-client is signed with openSUSE key OR jetty-continuation-9.4.43-3.12.2 is installed AND jetty-continuation is signed with openSUSE key OR jetty-http-9.4.43-3.12.2 is installed AND jetty-http is signed with openSUSE key OR jetty-io-9.4.43-3.12.2 is installed AND jetty-io is signed with openSUSE key OR jetty-jaas-9.4.43-3.12.2 is installed AND jetty-jaas is signed with openSUSE key OR jetty-javax-websocket-client-impl-9.4.43-3.12.2 is installed AND jetty-javax-websocket-client-impl is signed with openSUSE key OR jetty-javax-websocket-server-impl-9.4.43-3.12.2 is installed AND jetty-javax-websocket-server-impl is signed with openSUSE key OR jetty-jmx-9.4.43-3.12.2 is installed AND jetty-jmx is signed with openSUSE key OR jetty-jndi-9.4.43-3.12.2 is installed AND jetty-jndi is signed with openSUSE key OR jetty-jsp-9.4.43-3.12.2 is installed AND jetty-jsp is signed with openSUSE key OR jetty-minimal-javadoc-9.4.43-3.12.2 is installed AND jetty-minimal-javadoc is signed with openSUSE key OR jetty-openid-9.4.43-3.12.2 is installed AND jetty-openid is signed with openSUSE key OR jetty-plus-9.4.43-3.12.2 is installed AND jetty-plus is signed with openSUSE key OR jetty-proxy-9.4.43-3.12.2 is installed AND jetty-proxy is signed with openSUSE key OR jetty-security-9.4.43-3.12.2 is installed AND jetty-security is signed with openSUSE key OR jetty-server-9.4.43-3.12.2 is installed AND jetty-server is signed with openSUSE key OR jetty-servlet-9.4.43-3.12.2 is installed AND jetty-servlet is signed with openSUSE key OR jetty-util-9.4.43-3.12.2 is installed AND jetty-util is signed with openSUSE key OR jetty-util-ajax-9.4.43-3.12.2 is installed AND jetty-util-ajax is signed with openSUSE key OR jetty-webapp-9.4.43-3.12.2 is installed AND jetty-webapp is signed with openSUSE key OR jetty-websocket-api-9.4.43-3.12.2 is installed AND jetty-websocket-api is signed with openSUSE key OR jetty-websocket-client-9.4.43-3.12.2 is installed AND jetty-websocket-client is signed with openSUSE key OR jetty-websocket-common-9.4.43-3.12.2 is installed AND jetty-websocket-common is signed with openSUSE key OR jetty-websocket-javadoc-9.4.43-3.12.2 is installed AND jetty-websocket-javadoc is signed with openSUSE key OR jetty-websocket-server-9.4.43-3.12.2 is installed AND jetty-websocket-server is signed with openSUSE key OR jetty-websocket-servlet-9.4.43-3.12.2 is installed AND jetty-websocket-servlet is signed with openSUSE key OR jetty-xml-9.4.43-3.12.2 is installed AND jetty-xml is signed with openSUSE key
Definition Synopsis
Release Information SUSE Linux Enterprise Desktop 15 SP4 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP4 is installed OR SUSE Linux Enterprise Server 15 SP4 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed OR SUSE Manager Proxy 4.3 is installed OR SUSE Manager Retail Branch Server 4.3 is installed OR SUSE Manager Server 4.3 is installed AND Package Information jetty-http-9.4.43-3.12.2 is installed OR jetty-io-9.4.43-3.12.2 is installed OR jetty-security-9.4.43-3.12.2 is installed OR jetty-server-9.4.43-3.12.2 is installed OR jetty-servlet-9.4.43-3.12.2 is installed OR jetty-util-9.4.43-3.12.2 is installed OR jetty-util-ajax-9.4.43-3.12.2 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND Package Information jetty-http-9.4.48-150200.3.16.3 is installed OR jetty-io-9.4.48-150200.3.16.3 is installed OR jetty-security-9.4.48-150200.3.16.3 is installed OR jetty-server-9.4.48-150200.3.16.3 is installed OR jetty-servlet-9.4.48-150200.3.16.3 is installed OR jetty-util-9.4.48-150200.3.16.3 is installed OR jetty-util-ajax-9.4.48-150200.3.16.3 is installed

BACK