Published: 22/04/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse jetty 9.2.27
eclipse jetty 9.3.26
eclipse jetty 9.4.16
netapp snap creator framework -
netapp snapcenter -
netapp oncommand system manager
netapp snapmanager -
netapp storage services connector -
netapp virtual storage console
netapp virtual storage console 9.6
netapp storage replication adapter for clustered data ontap
netapp storage replication adapter for clustered data ontap 9.6
netapp vasa provider for clustered data ontap
netapp vasa provider for clustered data ontap -
netapp element -
oracle retail xstore point of service 15.0
oracle flexcube private banking 12.1.0
oracle retail xstore point of service 7.1
oracle flexcube private banking 12.0.0
oracle flexcube core banking 5.2.0
oracle hospitality guest access 4.2.0
oracle hospitality guest access 4.2.1
oracle retail xstore point of service 16.0
oracle endeca information discovery integrator 3.2.0
oracle enterprise manager base platform 13.3
oracle enterprise manager base platform 13.2
oracle data integrator 12.2.1.3.0
oracle unified directory 12.2.1.3.0
oracle unified directory 12.2.1.4.0
oracle communications element manager 8.2.0
oracle communications element manager 8.1.1
oracle retail xstore point of service 17.0
oracle communications element manager 8.1.0
oracle communications element manager 8.0.0
oracle rest data services 12.2.0.1
oracle rest data services 12.1.0.2
oracle rest data services 11.2.0.4
oracle rest data services 18c
oracle flexcube core banking
oracle communications services gatekeeper 7.0
oracle data integrator 12.2.1.4.0
oracle communications session report manager 8.1.1
oracle communications session report manager 8.2.0
oracle communications session route manager 8.1.1
oracle communications session route manager 8.2.0
oracle communications analytics 12.1.1
oracle communications session route manager 8.0.0
oracle communications session route manager 8.1.0
oracle communications session report manager 8.0.0
oracle communications session report manager 8.1.0
oracle autovue 21.0.2
oracle communications services gatekeeper 6.0
oracle communications services gatekeeper 6.1

CWE-200 https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576 https://security.netapp.com/advisory/ntap-20190509-0003/https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E https://nvd.nist.gov

CVE-2019-10246

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect