Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian 9: DLA-2688-1 Critical: Jetty9 Information Leak Risk

debian lts
Calendar Grey June 17, 2021
Dist Debian Esm H88
A security notice DLA-2688-1 highlights vulnerabilities related to the safeguarding of sensitive data. Ensure you apply the update immediately!
Steven Seeley discovered that in jetty, a Java servlet engine and webserver, requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-I...

Summary

For Debian 9 stretch, this problem has been fixed in version
9.2.30-0+deb9u2.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/jetty9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

Package: jetty9
Version: 9.2.30-0+deb9u2
CVE ID: CVE-2021-28169

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here