Oval Definition:oval:org.opensuse.security:def:74712
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1160904
1160906
1165528
1169658
1184366
1184367
1184368
1187117
CVE-2019-18903
CVE-2020-10018
CVE-2020-11793
CVE-2020-7217
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
openSUSE-SU-2020:0207-1
openSUSE-SU-2020:0602-1
SUSE-SU-2021:2005-1
Platform(s):openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Development Tools 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • wicked-0.6.60-lp151.2.9 is installed
  • OR wicked-service-0.6.60-lp151.2.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP3 is installed
  • AND Package Information
  • jetty-http-9.4.42-3.9.1 is installed
  • OR jetty-io-9.4.42-3.9.1 is installed
  • OR jetty-security-9.4.42-3.9.1 is installed
  • OR jetty-server-9.4.42-3.9.1 is installed
  • OR jetty-servlet-9.4.42-3.9.1 is installed
  • OR jetty-util-9.4.42-3.9.1 is installed
  • OR jetty-util-ajax-9.4.42-3.9.1 is installed
    • BACK