Vulnerabilities > CVE-2021-34428 - Insufficient Session Expiration vulnerability in multiple products

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Vulnerable Configurations

Part	Description	Count
Application	Eclipse Eclipse Jetty 11.0.0 Eclipse Jetty 11.0.1 Eclipse Jetty 10.0.0 Eclipse Jetty 10.0.1 Eclipse Jetty 1.0 Eclipse Jetty 1.0.1 Eclipse Jetty 1.1 Eclipse Jetty 1.1.1 Eclipse Jetty 1.3 Eclipse Jetty 1.3.0 Eclipse Jetty 3.0.0 Eclipse Jetty 4.1.0 Eclipse Jetty 4.2.20 Eclipse Jetty 4.2.21 Eclipse Jetty 4.2.23 Eclipse Jetty 4.2.24 Eclipse Jetty 4.2.25 Eclipse Jetty 4.2.26 Eclipse Jetty 4.2.27 Eclipse Jetty 5.0.0 Eclipse Jetty 5.1.0 Eclipse Jetty 5.1.1 Eclipse Jetty 5.1.2 Eclipse Jetty 5.1.3 Eclipse Jetty 5.1.4 Eclipse Jetty 5.1.5 Eclipse Jetty 5.1.6 Eclipse Jetty 5.1.7 Eclipse Jetty 5.1.8 Eclipse Jetty 5.1.9 Eclipse Jetty 5.1.10 Eclipse Jetty 5.1.11 Eclipse Jetty 5.1.12 Eclipse Jetty 6.0.0 Eclipse Jetty 6.0.1 Eclipse Jetty 6.0.2 Eclipse Jetty 6.1.0 Eclipse Jetty 6.1.1 Eclipse Jetty 6.1.2 Eclipse Jetty 6.1.3 Eclipse Jetty 6.1.4 Eclipse Jetty 6.1.5 Eclipse Jetty 6.1.6 Eclipse Jetty 6.1.7 Eclipse Jetty 6.1.8 Eclipse Jetty 6.1.9 Eclipse Jetty 6.1.10 Eclipse Jetty 6.1.11 Eclipse Jetty 6.1.12 Eclipse Jetty 6.1.14 Eclipse Jetty 6.1.15 Eclipse Jetty 6.1.16 Eclipse Jetty 6.1.17 Eclipse Jetty 6.1.18 Eclipse Jetty 6.1.19 Eclipse Jetty 6.1.20 Eclipse Jetty 6.1.21 Eclipse Jetty 6.1.22 Eclipse Jetty 6.1.23 Eclipse Jetty 6.1.24 Eclipse Jetty 6.1.25 Eclipse Jetty 6.1.26 Eclipse Jetty 7.0.0 Eclipse Jetty 7.0.1 Eclipse Jetty 7.0.2 Eclipse Jetty 7.1.0 Eclipse Jetty 7.1.1 Eclipse Jetty 7.1.2 Eclipse Jetty 7.1.3 Eclipse Jetty 7.1.4 Eclipse Jetty 7.1.5 Eclipse Jetty 7.1.6 Eclipse Jetty 7.2.0 Eclipse Jetty 7.2.1 Eclipse Jetty 7.2.2 Eclipse Jetty 7.3.0 Eclipse Jetty 7.3.1 Eclipse Jetty 7.4.0 Eclipse Jetty 7.4.1 Eclipse Jetty 7.4.2 Eclipse Jetty 7.4.3 Eclipse Jetty 7.4.4 Eclipse Jetty 7.4.5 Eclipse Jetty 7.5.0 Eclipse Jetty 7.5.1 Eclipse Jetty 7.5.2 Eclipse Jetty 7.5.3 Eclipse Jetty 7.5.4 Eclipse Jetty 7.6.0 Eclipse Jetty 7.6.1 Eclipse Jetty 7.6.2 Eclipse Jetty 7.6.3 Eclipse Jetty 7.6.4 Eclipse Jetty 7.6.5 Eclipse Jetty 7.6.6 Eclipse Jetty 7.6.7 Eclipse Jetty 7.6.8 Eclipse Jetty 7.6.9 Eclipse Jetty 7.6.10 Eclipse Jetty 7.6.11 Eclipse Jetty 7.6.12 Eclipse Jetty 7.6.13 Eclipse Jetty 7.6.14 Eclipse Jetty 7.6.15 Eclipse Jetty 7.6.16 Eclipse Jetty 7.6.17 Eclipse Jetty 7.6.18 Eclipse Jetty 7.6.19 Eclipse Jetty 7.6.20 Eclipse Jetty 7.6.21 Eclipse Jetty 8-Historical Eclipse Jetty 8.0.0 Eclipse Jetty 8.0.1 Eclipse Jetty 8.0.2 Eclipse Jetty 8.0.3 Eclipse Jetty 8.0.4 Eclipse Jetty 8.1.0 Eclipse Jetty 8.1.1 Eclipse Jetty 8.1.2 Eclipse Jetty 8.1.3 Eclipse Jetty 8.1.4 Eclipse Jetty 8.1.5 Eclipse Jetty 8.1.6 Eclipse Jetty 8.1.7 Eclipse Jetty 8.1.8 Eclipse Jetty 8.1.9 Eclipse Jetty 8.1.10 Eclipse Jetty 8.1.11 Eclipse Jetty 8.1.12 Eclipse Jetty 8.1.13 Eclipse Jetty 8.1.14 Eclipse Jetty 8.1.15 Eclipse Jetty 8.1.16 Eclipse Jetty 8.1.17 Eclipse Jetty 8.1.18 Eclipse Jetty 8.1.19 Eclipse Jetty 8.1.20 Eclipse Jetty 8.1.21 Eclipse Jetty 8.1.22 Eclipse Jetty 8.2.0 Eclipse Jetty 9.0.0 Eclipse Jetty 9.0.1 Eclipse Jetty 9.0.2 Eclipse Jetty 9.0.3 Eclipse Jetty 9.0.4 Eclipse Jetty 9.0.5 Eclipse Jetty 9.0.6 Eclipse Jetty 9.0.7 Eclipse Jetty 9.1.0 Eclipse Jetty 9.1.1 Eclipse Jetty 9.1.2 Eclipse Jetty 9.1.3 Eclipse Jetty 9.1.4 Eclipse Jetty 9.1.5 Eclipse Jetty 9.1.6 Eclipse Jetty 9.2.0 Eclipse Jetty 9.2.1 Eclipse Jetty 9.2.2 Eclipse Jetty 9.2.3 Eclipse Jetty 9.2.4 Eclipse Jetty 9.2.5 Eclipse Jetty 9.2.6 Eclipse Jetty 9.2.7 Eclipse Jetty 9.2.8 Eclipse Jetty 9.2.9 Eclipse Jetty 9.2.10 Eclipse Jetty 9.2.11 Eclipse Jetty 9.2.12 Eclipse Jetty 9.2.13 Eclipse Jetty 9.2.14 Eclipse Jetty 9.2.15 Eclipse Jetty 9.2.16 Eclipse Jetty 9.2.17 Eclipse Jetty 9.2.18 Eclipse Jetty 9.2.19 Eclipse Jetty 9.2.20 Eclipse Jetty 9.2.21 Eclipse Jetty 9.2.22 Eclipse Jetty 9.2.23 Eclipse Jetty 9.2.24 Eclipse Jetty 9.2.25 Eclipse Jetty 9.2.26 Eclipse Jetty 9.2.27 Eclipse Jetty 9.2.28 Eclipse Jetty 9.3.0 Eclipse Jetty 9.3.1 Eclipse Jetty 9.3.2 Eclipse Jetty 9.3.3 Eclipse Jetty 9.3.4 Eclipse Jetty 9.3.5 Eclipse Jetty 9.3.6 Eclipse Jetty 9.3.7 Eclipse Jetty 9.3.8 Eclipse Jetty 9.3.9 Eclipse Jetty 9.3.10 Eclipse Jetty 9.3.11 Eclipse Jetty 9.3.12 Eclipse Jetty 9.3.13 Eclipse Jetty 9.3.14 Eclipse Jetty 9.3.15 Eclipse Jetty 9.3.16 Eclipse Jetty 9.3.17 Eclipse Jetty 9.3.18 Eclipse Jetty 9.3.19 Eclipse Jetty 9.3.20 Eclipse Jetty 9.3.21 Eclipse Jetty 9.3.22 Eclipse Jetty 9.3.23 Eclipse Jetty 9.3.24 Eclipse Jetty 9.3.25 Eclipse Jetty 9.3.26 Eclipse Jetty 9.3.27 Eclipse Jetty 9.3.29 Eclipse Jetty 9.4.0 Eclipse Jetty 9.4.1 Eclipse Jetty 9.4.2 Eclipse Jetty 9.4.3 Eclipse Jetty 9.4.4 Eclipse Jetty 9.4.5 Eclipse Jetty 9.4.6 Eclipse Jetty 9.4.7 Eclipse Jetty 9.4.8 Eclipse Jetty 9.4.9 Eclipse Jetty 9.4.10 Eclipse Jetty 9.4.11 Eclipse Jetty 9.4.12 Eclipse Jetty 9.4.13 Eclipse Jetty 9.4.14 Eclipse Jetty 9.4.15 Eclipse Jetty 9.4.16 Eclipse Jetty 9.4.17 Eclipse Jetty 9.4.18 Eclipse Jetty 9.4.19 Eclipse Jetty 9.4.20 Eclipse Jetty 9.4.21 Eclipse Jetty 9.4.22 Eclipse Jetty 9.4.23 Eclipse Jetty 9.4.24 Eclipse Jetty 9.4.25 Eclipse Jetty 9.4.26 Eclipse Jetty 9.4.27 Eclipse Jetty 9.4.28 Eclipse Jetty 9.4.29 Eclipse Jetty 9.4.30 Eclipse Jetty 9.4.31 Eclipse Jetty 9.4.32 Eclipse Jetty 9.4.33 Eclipse Jetty 9.4.34 Eclipse Jetty 9.4.35 Eclipse Jetty 9.4.36 Eclipse Jetty 9.4.37 Eclipse Jetty 9.4.38 Eclipse Jetty 9.4.39 Eclipse Jetty 9.4.40	580
Application	Netapp Netapp Snap Creator Framework - Netapp Santricity Cloud Connector - Netapp Snapmanager - Netapp E Series Santricity WEB Services - Netapp Active IQ Unified Manager - Netapp E Series Santricity OS Controller 11.0 Netapp E Series Santricity OS Controller 11.0.0 Netapp E Series Santricity OS Controller 11.20 Netapp E Series Santricity OS Controller 11.25 Netapp E Series Santricity OS Controller 11.30 Netapp E Series Santricity OS Controller 11.30.5R3 Netapp E Series Santricity OS Controller 11.40 Netapp E Series Santricity OS Controller 11.40.3R2 Netapp E Series Santricity OS Controller 11.40.5 Netapp E Series Santricity OS Controller 11.50.1 Netapp E Series Santricity OS Controller 11.50.2 Netapp E Series Santricity OS Controller 11.60 Netapp E Series Santricity OS Controller 11.60.0 Netapp E Series Santricity OS Controller 11.60.1 Netapp E Series Santricity OS Controller 11.60.3 Netapp E Series Santricity OS Controller 11.70.1 Netapp Element Plug IN FOR Vcenter Server -	24
Application	Oracle Oracle Communications Services Gatekeeper 7.0 Oracle Autovue FOR Agile Product Lifecycle Management 21.0.2 Oracle Siebel Core Automation - Oracle Siebel Core Automation 21.5 Oracle Siebel Core Automation 21.9 Oracle Communications Session Route Manager 8.0.0 Oracle Communications Session Route Manager 8.1.0 Oracle Communications Session Route Manager 8.1.1 Oracle Communications Session Route Manager 8.2.0 Oracle Communications Session Route Manager 8.2.0.0 Oracle Communications Session Route Manager 8.2.1 Oracle Communications Session Route Manager 8.2.2 Oracle Communications Session Route Manager 8.2.2.1 Oracle Communications Session Route Manager 8.2.4 Oracle Communications Session Route Manager 8.2.4.0 Oracle Communications Element Manager 8.2.2 Oracle Rest Data Services 11.2.0.4 Oracle Rest Data Services 12.1.0.2 Oracle Rest Data Services 12.2.0.1 Oracle Rest Data Services 18C Oracle Rest Data Services 19C Oracle Rest Data Services 20.4.3.050.1904 Oracle Rest Data Services 21.2 Oracle Rest Data Services 21.2.4 Oracle Communications Session Report Manager 8.0.0.0 Oracle Communications Session Report Manager 8.1.0 Oracle Communications Session Report Manager 8.1.1 Oracle Communications Session Report Manager 8.2.0 Oracle Communications Session Report Manager 8.2.1 Oracle Communications Session Report Manager 8.2.2 Oracle Communications Session Report Manager 8.2.2.1 Oracle Communications Session Report Manager 8.2.4.0	32
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References