CA Application Performance Management (APM / Wily / Introscope)
Issue/Introduction
The following vulnerability was found when scanning Introscope code.
BDSA-2021-1714
Description :
Jetty is vulnerable to information disclosure due to improper requested path verification. This allows crafted requests to access protected resources of the web application which, depending on the implementation, might reveal sensitive information.
CVSS Score : 6.7
CVSS Version : -
Published On : Thu Jun 10 2021
Environment
Release : 10.7.0
Component : Integration with APM
Resolution
This will be addressed in 10.7 SP4 with an update to Jetty 9.4.42 (the final Jetty version shipped in SP4 could be higher).