{"affected":[{"ecosystem_specific":{"binaries":[{"jetty-http":"9.4.42-3.9.1","jetty-io":"9.4.42-3.9.1","jetty-security":"9.4.42-3.9.1","jetty-server":"9.4.42-3.9.1","jetty-servlet":"9.4.42-3.9.1","jetty-util":"9.4.42-3.9.1","jetty-util-ajax":"9.4.42-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP2","name":"jetty-minimal","purl":"pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.42-3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"jetty-http":"9.4.42-3.9.1","jetty-io":"9.4.42-3.9.1","jetty-security":"9.4.42-3.9.1","jetty-server":"9.4.42-3.9.1","jetty-servlet":"9.4.42-3.9.1","jetty-util":"9.4.42-3.9.1","jetty-util-ajax":"9.4.42-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15 SP3","name":"jetty-minimal","purl":"pkg:rpm/suse/jetty-minimal&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.4.42-3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for jetty-minimal fixes the following issues:\n\nUpdate to version 9.4.42.v20210604\n\n- Fix: bsc#1187117, CVE-2021-28169 - possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory\n- Fix: bsc#1184367, CVE-2021-28165 - Jetty server high CPU usage when a client sends data of length > 17408\n- Fix: bsc#1184368, CVE-2021-28164 - Normalize ambiguous URIs\n- Fix: bsc#1184366, CVE-2021-28163 - Exclude webapps directory from deployment scan\n","id":"SUSE-SU-2021:2005-1","modified":"2021-06-17T16:04:19Z","published":"2021-06-17T16:04:19Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20212005-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184366"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184367"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184368"},{"type":"REPORT","url":"https://bugzilla.suse.com/1187117"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28163"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28164"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28169"}],"related":["CVE-2021-28163","CVE-2021-28164","CVE-2021-28165","CVE-2021-28169"],"summary":"Security update for jetty-minimal","upstream":["CVE-2021-28163","CVE-2021-28164","CVE-2021-28165","CVE-2021-28169"]}