CVE-2021-34429— Eclipse Jetty 安全漏洞

CVSS 5.3 · Medium EPSS 99.30% · P100 更新于 2026-02-25

公开利用映射 3

ExploitDB · 1 EDB-50478 [webapps]

Metasploit · 1 jetty_web_inf_disclosure.rb#CVE-2021-34429 [auxiliary]

Nuclei · 1 CVE-2021-34429.yaml [template]

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2021-34429 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.

来源: 美国国家漏洞数据库 NVD

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

信息暴露

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Eclipse Jetty 安全漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty 9.4.37-9.4.42、10.0.1-10.0.5 和 11.0.1-11.0.5版本存在安全漏洞，攻击者可以使用一些编码字符制作 URI 来访问 WEB-INF 目录的内容或绕过一些安全限制。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

神龙十问 — AI 深度分析

十问解析：根本原因、利用方式、修复建议、紧迫性。摘要免费，完整版需登录。

查看摘要完整分析（登录）

受影响产品

厂商	产品	影响版本	CPE	订阅
The Eclipse Foundation	Eclipse Jetty	9.4.37 ~ unspecified	-

二、漏洞 CVE-2021-34429 的公开POC

#	POC 描述	源链接	神龙链接
1	POC for CVE-2021-34429 - Eclipse Jetty 11.0.5 Sensitive File Disclosure	https://github.com/ColdFusionX/CVE-2021-34429	POC详情
2	Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-34429.yaml	POC详情
3	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Jetty%20WEB-INF%20%E6%95%8F%E6%84%9F%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%20CVE-2021-34429.md	POC详情
4		https://github.com/vulhub/vulhub/blob/master/jetty/CVE-2021-34429/README.md	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2021-34429 的情报信息

请登录查看更多情报信息。

CVE-2021-34429 厂商安全公告 (5)

https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vmx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20210819-0006/x_refsource_CONFIRM

CVE-2021-34429 邮件列表归档 (31)

https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3Emailing-listx_refsource_MLIST

https://nvd.nist.gov/vuln/detail/CVE-2021-34429

IV. Related Vulnerabilities

Same product: Eclipse Jetty

Same vendor: The Eclipse Foundation

Same weakness: CWE-200

V. Comments for CVE-2021-34429

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2021-34429— Eclipse Jetty 安全漏洞

公开利用映射 3

一、漏洞 CVE-2021-34429 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

神龙十问 — AI 深度分析

受影响产品

二、漏洞 CVE-2021-34429 的公开POC

三、漏洞 CVE-2021-34429 的情报信息

CVE-2021-34429 厂商安全公告 (5)

CVE-2021-34429 邮件列表归档 (31)

IV. Related Vulnerabilities

V. Comments for CVE-2021-34429

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CVE-2021-34429— Eclipse Jetty 安全漏洞

公开利用映射 3

一、 漏洞 CVE-2021-34429 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

神龙十问 — AI 深度分析

受影响产品

二、漏洞 CVE-2021-34429 的公开POC

三、漏洞 CVE-2021-34429 的情报信息

CVE-2021-34429 厂商安全公告 (5)

CVE-2021-34429 邮件列表归档 (31)

IV. Related Vulnerabilities

V. Comments for CVE-2021-34429

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2021-34429 基础信息