In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
eclipse jetty 9.3.0 |
||
eclipse jetty 9.3.4 |
||
eclipse jetty 9.3.7 |
||
eclipse jetty 9.3.8 |
||
eclipse jetty 9.3.1 |
||
eclipse jetty 9.3.2 |
||
eclipse jetty 9.3.3 |
||
eclipse jetty 9.3.5 |
||
eclipse jetty 9.3.6 |
||
eclipse jetty 9.3.9 |
||
eclipse jetty 9.3.10 |
||
eclipse jetty 9.3.11 |
||
eclipse jetty 9.3.12 |
||
eclipse jetty 9.3.13 |
||
eclipse jetty 9.3.14 |
||
eclipse jetty 9.3.15 |
||
eclipse jetty 9.3.16 |
||
eclipse jetty 9.3.17 |
||
eclipse jetty 9.3.18 |
||
eclipse jetty 9.3.19 |
||
eclipse jetty 9.3.20 |
||
eclipse jetty 9.3.21 |
||
eclipse jetty 9.3.22 |
||
eclipse jetty 9.3.23 |
||
eclipse jetty 9.3.24 |
||
eclipse jetty 9.3.25 |
||
eclipse jetty 9.4.0 |
||
eclipse jetty 9.4.1 |
||
eclipse jetty 9.4.2 |
||
eclipse jetty 9.4.3 |
||
eclipse jetty 9.4.4 |
||
eclipse jetty 9.4.5 |
||
eclipse jetty 9.4.6 |
||
eclipse jetty 9.4.7 |
||
eclipse jetty 9.4.8 |
||
eclipse jetty 9.4.9 |
||
eclipse jetty 9.4.10 |
||
eclipse jetty 9.4.11 |
||
eclipse jetty 9.4.12 |
||
eclipse jetty 9.4.13 |
||
eclipse jetty 9.4.14 |
||
eclipse jetty 9.4.15 |
||
eclipse jetty 9.2.9 |
||
eclipse jetty 9.2.8 |
||
eclipse jetty 9.2.7 |
||
eclipse jetty 9.2.6 |
||
eclipse jetty 9.2.5 |
||
eclipse jetty 9.2.4 |
||
eclipse jetty 9.2.3 |
||
eclipse jetty 9.2.0 |
||
eclipse jetty 9.2.1 |
||
eclipse jetty 9.2.2 |
||
eclipse jetty 9.2.10 |
||
eclipse jetty 9.2.11 |
||
eclipse jetty 9.2.12 |
||
eclipse jetty 9.2.13 |
||
eclipse jetty 9.2.14 |
||
eclipse jetty 9.2.15 |
||
eclipse jetty 9.2.16 |
||
eclipse jetty 9.2.17 |
||
eclipse jetty 9.2.18 |
||
eclipse jetty 9.2.19 |
||
eclipse jetty 9.2.20 |
||
eclipse jetty 9.2.21 |
||
eclipse jetty 9.2.22 |
||
eclipse jetty 9.2.23 |
||
eclipse jetty 9.2.24 |
||
eclipse jetty 9.2.25 |
||
eclipse jetty 9.2.26 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
apache drill 1.16.0 |
||
apache activemq 5.15.9 |
||
oracle retail xstore point of service 15.0 |
||
oracle retail xstore point of service 7.1 |
||
oracle flexcube core banking 5.2.0 |
||
oracle retail xstore point of service 16.0 |
||
oracle retail xstore point of service 17.0 |
||
oracle rest data services 12.2.0.1 |
||
oracle rest data services 12.1.0.2 |
||
oracle rest data services 11.2.0.4 |
||
oracle rest data services 18c |
||
oracle flexcube core banking |
Vulmon