Oval Definition:oval:org.opensuse.security:def:75902
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1184366
1184367
1184368
1187117
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
Platform(s):SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
Product(s):
BACK