CVE-2019-10247

Published: 22/04/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server, on any combination of OS and Jetty version, reveals the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the requested path. The default server configuration in jetty-distribution and jetty-home places a DefaultHandler at the end of the Handler tree; this handler is responsible for reporting that 404 error, and it presents the configured contexts as HTML for users to click through. The HTML it produces includes the configured fully qualified directory base resource location for each context.

Vulnerability Trend

Vulnerable Products

eclipse jetty 9.3.0
eclipse jetty 9.3.4
eclipse jetty 9.3.7
eclipse jetty 9.3.8
eclipse jetty 9.3.1
eclipse jetty 9.3.2
eclipse jetty 9.3.3
eclipse jetty 9.3.5
eclipse jetty 9.3.6
eclipse jetty 9.3.9
eclipse jetty 9.3.10
eclipse jetty 9.3.11
eclipse jetty 9.3.12
eclipse jetty 9.3.13
eclipse jetty 9.3.14
eclipse jetty 9.3.15
eclipse jetty 9.3.16
eclipse jetty 9.3.17
eclipse jetty 9.3.18
eclipse jetty 9.3.19
eclipse jetty 9.3.20
eclipse jetty 9.3.21
eclipse jetty 9.3.22
eclipse jetty 9.3.23
eclipse jetty 9.3.24
eclipse jetty 9.3.25
eclipse jetty 9.4.0
eclipse jetty 9.4.1
eclipse jetty 9.4.2
eclipse jetty 9.4.3
eclipse jetty 9.4.4
eclipse jetty 9.4.5
eclipse jetty 9.4.6
eclipse jetty 9.4.7
eclipse jetty 9.4.8
eclipse jetty 9.4.9
eclipse jetty 9.4.10
eclipse jetty 9.4.11
eclipse jetty 9.4.12
eclipse jetty 9.4.13
eclipse jetty 9.4.14
eclipse jetty 9.4.15
eclipse jetty 9.2.9
eclipse jetty 9.2.8
eclipse jetty 9.2.7
eclipse jetty 9.2.6
eclipse jetty 9.2.5
eclipse jetty 9.2.4
eclipse jetty 9.2.3
eclipse jetty 9.2.27
eclipse jetty 9.2.0
eclipse jetty 9.2.1
eclipse jetty 9.2.2
eclipse jetty 9.2.10
eclipse jetty 9.2.11
eclipse jetty 9.2.12
eclipse jetty 9.2.13
eclipse jetty 9.2.14
eclipse jetty 9.2.15
eclipse jetty 9.2.16
eclipse jetty 9.2.17
eclipse jetty 9.2.18
eclipse jetty 9.2.19
eclipse jetty 9.2.20
eclipse jetty 9.2.21
eclipse jetty 9.2.22
eclipse jetty 9.2.23
eclipse jetty 9.2.24
eclipse jetty 9.2.25
eclipse jetty 9.2.26
eclipse jetty 9.1.0
eclipse jetty 9.1.1
eclipse jetty 9.1.2
eclipse jetty 9.1.3
eclipse jetty 9.1.4
eclipse jetty 9.1.5
eclipse jetty 9.1.6
eclipse jetty 9.0.0
eclipse jetty 9.0.1
eclipse jetty 9.0.2
eclipse jetty 9.0.3
eclipse jetty 9.0.4
eclipse jetty 9.0.5
eclipse jetty 9.0.6
eclipse jetty 9.0.7
eclipse jetty 8.2.0
eclipse jetty 8.1.9
eclipse jetty 8.1.8
eclipse jetty 8.1.7
eclipse jetty 8.1.6
eclipse jetty 8.1.5
eclipse jetty 8.1.4
eclipse jetty 8.1.3
eclipse jetty 8.1.2
eclipse jetty 8.1.20
eclipse jetty 8.1.21
eclipse jetty 8.1.22
eclipse jetty 8.1.1
eclipse jetty 8.1.10
eclipse jetty 8.1.11
eclipse jetty 8.1.12
eclipse jetty 8.1.13
eclipse jetty 8.1.14
eclipse jetty 8.1.15
eclipse jetty 8.1.16
eclipse jetty 8.1.17
eclipse jetty 8.1.18
eclipse jetty 8.1.19
eclipse jetty 8.1.0
eclipse jetty 8.0.0
eclipse jetty 8.0.1
eclipse jetty 8.0.2
eclipse jetty 8.0.3
eclipse jetty 8.0.4
eclipse jetty 7.6.0
eclipse jetty 7.6.1
eclipse jetty 7.6.2
eclipse jetty 7.6.3
eclipse jetty 7.6.4
eclipse jetty 7.6.5
eclipse jetty 7.6.6
eclipse jetty 7.6.7
eclipse jetty 7.6.8
eclipse jetty 7.6.9
eclipse jetty 7.6.10
eclipse jetty 7.6.11
eclipse jetty 7.6.12
eclipse jetty 7.6.13
eclipse jetty 7.6.14
eclipse jetty 7.6.15
eclipse jetty 7.6.16
eclipse jetty 7.6.17
eclipse jetty 7.6.18
eclipse jetty 7.6.19
eclipse jetty 7.6.20
eclipse jetty 7.6.21
eclipse jetty 7.5.0
eclipse jetty 7.5.1
eclipse jetty 7.5.2
eclipse jetty 7.5.3
eclipse jetty 7.5.4
eclipse jetty 7.4.3
eclipse jetty 7.4.4
eclipse jetty 7.4.5
eclipse jetty 7.4.2
eclipse jetty 7.4.1
eclipse jetty 7.4.0
eclipse jetty 7.3.1
eclipse jetty 7.3.0
eclipse jetty 7.2.2
eclipse jetty 7.2.1
eclipse jetty 7.2.0
eclipse jetty 7.1.6
eclipse jetty 7.1.5
eclipse jetty 7.1.4
eclipse jetty 7.1.3
eclipse jetty 7.1.2
eclipse jetty 7.1.1
eclipse jetty 7.1.0
eclipse jetty 7.0.1
eclipse jetty 7.0.2
eclipse jetty 7.0.0
eclipse jetty 9.3.26

netapp snap creator framework -
netapp snapcenter -
netapp oncommand system manager
netapp snapmanager -
netapp storage services connector -
netapp virtual storage console
netapp storage replication adapter for clustered data ontap
netapp vasa provider for clustered data ontap
netapp element -

oracle retail xstore point of service 15.0
oracle flexcube private banking 12.1.0
oracle retail xstore point of service 7.1
oracle flexcube private banking 12.0.0
oracle flexcube core banking 5.2.0
oracle hospitality guest access 4.2.0
oracle hospitality guest access 4.2.1
oracle retail xstore point of service 16.0
oracle endeca information discovery integrator 3.2.0
oracle enterprise manager base platform 13.3
oracle enterprise manager base platform 13.2
oracle data integrator 12.2.1.3.0
oracle unified directory 12.2.1.3.0
oracle unified directory 12.2.1.4.0
oracle communications element manager 8.2.0
oracle communications element manager 8.1.1
oracle retail xstore point of service 17.0
oracle communications element manager 8.1.0
oracle communications element manager 8.0.0
oracle flexcube core banking
oracle communications services gatekeeper 7.0
oracle data integrator 12.2.1.4.0
oracle communications session report manager 8.1.1
oracle communications session report manager 8.2.0
oracle communications session route manager 8.1.1
oracle communications session route manager 8.2.0
oracle communications analytics 12.1.1
oracle communications session route manager 8.0.0
oracle communications session route manager 8.1.0
oracle communications session report manager 8.0.0
oracle communications session report manager 8.1.0
oracle autovue 21.0.2
oracle communications services gatekeeper 6.0
oracle communications services gatekeeper 6.1
oracle fmw platform 12.2.1.4.0
oracle fmw platform 12.2.1.3.0

debian debian linux 9.0
debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #928444 jetty9: CVE-2019-10241 CVE-2019-10247. Package: src:jetty9; Maintainer for src:jetty9 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 4 May 2019 19:00:01 UTC; Severity: important; Tags: fixed-ups ...

Synopsis: Important: Red Hat AMQ Broker 7.6 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Broker 7.6 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...

Synopsis: Important: Red Hat AMQ Broker 7.4.3 release and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat AMQ Broker 7.4.3 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...

Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver, which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1. We recommend that you upgrade your jetty9 packages. Fo ...

Impact: Moderate; Public Date: 2019-04-18; CWE: CWE-200; Bugzilla: 1705993: CVE-2019-10247 jetty: error pa ...

References

CWE-200
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
https://security.netapp.com/advisory/ntap-20190509-0003/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.debian.org/security/2021/dsa-4949
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928444
https://nvd.nist.gov