Oval Definition:oval:org.opensuse.security:def:97080
Revision Date:2021-06-17Version:1
Title:Security update for jetty-minimal (Important)
Description:

This update for jetty-minimal fixes the following issues:

Update to version 9.4.42.v20210604

- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory - Fix: bsc#1184367, CVE-2021-28165 - jetty server high CPU when client send data length > 17408 - Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs - Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan
Family:unixClass:patch
Status:Reference(s):1184366
1184367
1184368
1187117
CVE-2021-28163
CVE-2021-28164
CVE-2021-28165
CVE-2021-28169
SUSE-SU-2021:2005-1
Platform(s):openSUSE Leap 15.3 SLE Imports
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 SLE Imports is installed
  • AND Package Information
  • jetty-annotations-9.4.42-3.9.1 is installed
  • OR jetty-client-9.4.42-3.9.1 is installed
  • OR jetty-continuation-9.4.42-3.9.1 is installed
  • OR jetty-http-9.4.42-3.9.1 is installed
  • OR jetty-io-9.4.42-3.9.1 is installed
  • OR jetty-jaas-9.4.42-3.9.1 is installed
  • OR jetty-javax-websocket-client-impl-9.4.42-3.9.1 is installed
  • OR jetty-javax-websocket-server-impl-9.4.42-3.9.1 is installed
  • OR jetty-jmx-9.4.42-3.9.1 is installed
  • OR jetty-jndi-9.4.42-3.9.1 is installed
  • OR jetty-jsp-9.4.42-3.9.1 is installed
  • OR jetty-minimal-javadoc-9.4.42-3.9.1 is installed
  • OR jetty-openid-9.4.42-3.9.1 is installed
  • OR jetty-plus-9.4.42-3.9.1 is installed
  • OR jetty-proxy-9.4.42-3.9.1 is installed
  • OR jetty-security-9.4.42-3.9.1 is installed
  • OR jetty-server-9.4.42-3.9.1 is installed
  • OR jetty-servlet-9.4.42-3.9.1 is installed
  • OR jetty-util-9.4.42-3.9.1 is installed
  • OR jetty-util-ajax-9.4.42-3.9.1 is installed
  • OR jetty-webapp-9.4.42-3.9.1 is installed
  • OR jetty-websocket-api-9.4.42-3.9.1 is installed
  • OR jetty-websocket-client-9.4.42-3.9.1 is installed
  • OR jetty-websocket-common-9.4.42-3.9.1 is installed
  • OR jetty-websocket-javadoc-9.4.42-3.9.1 is installed
  • OR jetty-websocket-server-9.4.42-3.9.1 is installed
  • OR jetty-websocket-servlet-9.4.42-3.9.1 is installed
  • OR jetty-xml-9.4.42-3.9.1 is installed
    • BACK