In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:apache:ignite:*:*:*:*:*:*:*:*"
],
"vendor_product": "apache:ignite",
"extracted_events": [
{
"fixed": "2.1.1"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "netapp:e-series_santricity_os_controller",
"cpes": [
"cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "11.0.0"
},
{
"last_affected": "11.70.1"
}
]
},
{
"vendor_product": "netapp:storage_replication_adapter_for_clustered_data_ontap",
"cpes": [
"cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*"
],
"extracted_events": [
{
"introduced": "9.6"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*"
],
"vendor_product": "netapp:vasa_provider_for_clustered_data_ontap",
"extracted_events": [
{
"introduced": "9.6"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*"
],
"vendor_product": "netapp:virtual_storage_console",
"extracted_events": [
{
"introduced": "9.6"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_session_report_manager",
"extracted_events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.2.4.0"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:communications_session_route_manager",
"extracted_events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.2.4.0"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:siebel_core_-_automation",
"extracted_events": [
{
"last_affected": "21.9"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*"
],
"vendor_product": "eclipse:jetty",
"extracted_events": [
{
"introduced": "10.0.0-beta2"
},
{
"last_affected": "10.0.0-beta2"
},
{
"introduced": "10.0.0-beta2"
},
{
"last_affected": "10.0.0-beta2"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "fedoraproject:fedora",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "32"
},
{
"last_affected": "32"
},
{
"introduced": "33"
},
{
"last_affected": "33"
},
{
"introduced": "34"
},
{
"last_affected": "34"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
],
"vendor_product": "oracle:autovue_for_agile_product_lifecycle_management",
"extracted_events": [
{
"introduced": "21.0.2"
},
{
"last_affected": "21.0.2"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "oracle:banking_apis",
"cpes": [
"cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "20.1"
},
{
"last_affected": "20.1"
},
{
"introduced": "21.1"
},
{
"last_affected": "21.1"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "oracle:banking_digital_experience",
"cpes": [
"cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "20.1"
},
{
"last_affected": "20.1"
},
{
"introduced": "21.1"
},
{
"last_affected": "21.1"
}
]
},
{
"vendor_product": "oracle:communications_element_manager",
"cpes": [
"cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "8.2.2"
},
{
"last_affected": "8.2.2"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "oracle:communications_services_gatekeeper",
"cpes": [
"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
]
}
]
}{
"cpe": [
"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:10.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:11.0.0:-:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:11.0.0:beta3:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:11.0.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.4.32"
},
{
"fixed": "9.4.39"
},
{
"introduced": "10.0.0-beta2"
},
{
"last_affected": "10.0.0-beta2"
},
{
"introduced": "10.0.1"
},
{
"last_affected": "10.0.1"
},
{
"introduced": "11.0.0-NA"
},
{
"last_affected": "11.0.0-NA"
},
{
"introduced": "11.0.0-beta2"
},
{
"last_affected": "11.0.0-beta2"
},
{
"introduced": "11.0.0-beta3"
},
{
"last_affected": "11.0.0-beta3"
},
{
"introduced": "11.0.1"
},
{
"last_affected": "11.0.1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}