Versio.io

CVE-2021-34428

Common vulnerabilities & exposures (CVE)

 
Published at: 22-06-2021 05:15
Last modified: 12-05-2022 04:07
Total changes: 16

Description

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack complexity: Low
Attack vector: Physical
Availability: None
Confidentiality: Low
Integrity: Low
Privileges required: None
Scope: Unchanged
User interaction: None
Base score: 3.5
Exploitability score: 0.9
Impact score: 2.5
 

Verification logic

OR
  OR
    vendor=eclipse AND product=jetty AND versionEndIncluding=11.0.2 AND versionStartIncluding=11.0.0
    vendor=eclipse AND product=jetty AND versionEndIncluding=10.0.2 AND versionStartIncluding=10.0.0
    vendor=eclipse AND product=jetty AND versionEndIncluding=9.4.40
  OR
    vendor=Debian AND product=debian_linux AND version=10.0
  OR
    vendor=netapp AND product=snap_creator_framework AND version=-
    vendor=netapp AND product=santricity_cloud_connector AND version=-
    vendor=netapp AND product=snapmanager AND version=- AND target_software=sap
    vendor=netapp AND product=e-series_santricity_web_services AND version=- AND target_software=web_services_proxy
    vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=linux
    vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=windows
    vendor=netapp AND product=e-series_santricity_os_controller AND versionEndIncluding=11.70.1 AND versionStartIncluding=11.0
    vendor=netapp AND product=element_plug-in_for_vcenter_server AND version=-
  OR
    vendor=oracle AND product=communications_services_gatekeeper AND version=7.0
    vendor=oracle AND product=autovue_for_agile_product_lifecycle_management AND version=21.0.2
    vendor=oracle AND product=siebel_core_-_automation AND versionEndIncluding=21.9
    vendor=oracle AND product=communications_session_route_manager AND versionEndIncluding=8.2.4.0 AND versionStartIncluding=8.0.0
    vendor=oracle AND product=communications_element_manager AND version=8.2.2
    vendor=oracle AND product=rest_data_services AND software_edition=- AND versionEndExcluding=21.3
    vendor=oracle AND product=communications_session_report_manager AND versionEndIncluding=8.2.4.0 AND versionStartIncluding=8.0.0.0
 
