
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20212000",
"Version": "oval:org.altlinux.errata:def:20212000",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-2000: package `jetty` update to version 9.4.40-alt1_1jpp11",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-2000",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-2000",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-05507",
"RefURL": "https://bdu.fstec.ru/vul/2022-05507",
"Source": "BDU"
},
{
"RefID": "BDU:2022-05511",
"RefURL": "https://bdu.fstec.ru/vul/2022-05511",
"Source": "BDU"
},
{
"RefID": "CVE-2021-28163",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28165",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"Source": "CVE"
}
],
"Description": "This update upgrades jetty to version 9.4.40-alt1_1jpp11. \nSecurity Fix(es):\n\n * BDU:2022-05507: Уязвимость контейнера сервлетов Eclipse Jetty, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-05511: Уязвимость компонента webapps контейнера сервлетов Eclipse Jetty, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2021-28163: In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.\n\n * CVE-2021-28165: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-06-15"
},
"Updated": {
"Date": "2021-06-15"
},
"BDUs": [
{
"ID": "BDU:2022-05507",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2022-05507",
"Impact": "High",
"Public": "20210401"
},
{
"ID": "BDU:2022-05511",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-59, CWE-200",
"Href": "https://bdu.fstec.ru/vul/2022-05511",
"Impact": "Low",
"Public": "20210401"
}
],
"CVEs": [
{
"ID": "CVE-2021-28163",
"CVSS": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
"Impact": "Low",
"Public": "20210401"
},
{
"ID": "CVE-2021-28165",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-755",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"Impact": "High",
"Public": "20210401"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20212000001",
"Comment": "jetty is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000002",
"Comment": "jetty-client is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000003",
"Comment": "jetty-continuation is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000004",
"Comment": "jetty-http is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000005",
"Comment": "jetty-io is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000006",
"Comment": "jetty-jaas is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000007",
"Comment": "jetty-javadoc is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000008",
"Comment": "jetty-jmx is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000009",
"Comment": "jetty-security is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000010",
"Comment": "jetty-server is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000011",
"Comment": "jetty-servlet is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000012",
"Comment": "jetty-util is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000013",
"Comment": "jetty-util-ajax is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000014",
"Comment": "jetty-webapp is earlier than 0:9.4.40-alt1_1jpp11"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20212000015",
"Comment": "jetty-xml is earlier than 0:9.4.40-alt1_1jpp11"
}
]
}
]
}
}
]
}