Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.
CVSS Information
N/A
Vulnerability Type
创建拥有不安全权限的临时文件
Vulnerability Title
Eclipse Jetty 安全漏洞
Vulnerability Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 存在安全漏洞,该漏洞源于系统的临时目录在该系统上的所有用户之间共享。并置用户可以观察在共享临时目录中创建临时子目录的过程,并争着完成临时子目录的创建。攻击者可利用该漏洞拥有对用于解压缩web应用程序的子目录的读写权限,包括它们的web - inf lib jar文件和JSP文件。以下产品及版本收到影响:1.0 thru 9.4.32.v20200930版本,
CVSS Information
N/A
Vulnerability Type
N/A