CVE-2021-34428

CVSS v3.1 3.5 (Low)
CVSS v2.0 3.6 (Low)
EPSS 0.15% (52nd)
Affected Products 16
Advisories 2

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Weaknesses: CWE-613 (Insufficient Session Expiration)
CVE Status: PUBLISHED
CNA: Eclipse Foundation
Published Date: 2021-06-22 15:15:16 (3 years ago)
Updated Date: 2023-11-07 03:35:59 (10 months ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Eclipse Jetty 9.4.40 and prior versions | cpe:2.3:a:eclipse:jetty | | <= 9.4.40 |
| Eclipse Jetty from 10.0.0 version and 10.0.2 and prior versions | cpe:2.3:a:eclipse:jetty | >= 10.0.0 | <= 10.0.2 |
| Eclipse Jetty from 11.0.0 version and 11.0.2 and prior versions | cpe:2.3:a:eclipse:jetty | >= 11.0.0 | <= 11.0.2 |

Configuration #2

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Debian Linux 10.0 | cpe:2.3:o:debian:debian_linux:10.0 | | |

Configuration #3

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Netapp Active Iq Unified Manager for Linux | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux | | |
| Netapp Active Iq Unified Manager for Windows | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows | | |
| Netapp E-series Santricity Os Controller from 11.0 version and 11.70.1 and prior versions | cpe:2.3:a:netapp:e-series_santricity_os_controller | >= 11.0 | <= 11.70.1 |
| Netapp E-series Santricity Web Services for Web Services Proxy | cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy | | |
| Netapp Element Plug-in for Vcenter Server | cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:- | | |
| Netapp Santricity Cloud Connector | cpe:2.3:a:netapp:santricity_cloud_connector:- | | |
| Netapp Snap Creator Framework | cpe:2.3:a:netapp:snap_creator_framework:- | | |
| Netapp Snapmanager for Sap | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap | | |

Configuration #4

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Oracle Autovue for Agile Product Lifecycle Management 21.0.2 | cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2 | | |
| Oracle Communications Element Manager 8.2.2 | cpe:2.3:a:oracle:communications_element_manager:8.2.2 | | |
| Oracle Communications Services Gatekeeper 7.0 | cpe:2.3:a:oracle:communications_services_gatekeeper:7.0 | | |
| Oracle Communications Session Report Manager from 8.0.0.0 version and 8.2.4.0 and prior versions | cpe:2.3:a:oracle:communications_session_report_manager | >= 8.0.0.0 | <= 8.2.4.0 |
| Oracle Communications Session Route Manager from 8.0.0 version and 8.2.4.0 and prior versions | cpe:2.3:a:oracle:communications_session_route_manager | >= 8.0.0 | <= 8.2.4.0 |
| Oracle Rest Data Services prior 21.3 version | cpe:2.3:a:oracle:rest_data_services::*:*:*:- | | < 21.3 |
| Oracle Siebel Core - Automation 21.9 and prior versions | cpe:2.3:a:oracle:siebel_core_-_automation | | <= 21.9 |