Apr 22, 2019 - 8:29 p.m.

CVE-2019-10247

2019-04-22 20:29:00
CWE-200
CWE-213
web.nvd.nist.gov
eclipse jetty
cve-2019-10247
security vulnerability
information disclosure
directory location disclosure

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 6 Medium (Confidence: High)

EPSS: 0.007 Low (Percentile: 80.3%)

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server, on any OS and Jetty version combination, reveals the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the requested path. By default, jetty-distribution and jetty-home include a DefaultHandler at the end of the Handler tree. This handler is responsible for reporting the 404 error, and it presents the various configured contexts as HTML for users to click through to. The HTML it produces contains the configured fully qualified directory base resource location for each context.

Affected configurations

NVD
Node (entries combined with OR)
eclipse jetty Match 7.0.0 20091005
eclipse jetty Match 7.0.0 maintenance_0
eclipse jetty Match 7.0.0 maintenance_1
eclipse jetty Match 7.0.0 maintenance_2
eclipse jetty Match 7.0.0 maintenance_3
eclipse jetty Match 7.0.0 maintenance_4
eclipse jetty Match 7.0.0 rc0
eclipse jetty Match 7.0.0 rc1
eclipse jetty Match 7.0.0 rc3
eclipse jetty Match 7.0.0 rc4
eclipse jetty Match 7.0.0 rc5
eclipse jetty Match 7.0.0 rc6
eclipse jetty Match 7.0.1 20091125
eclipse jetty Match 7.0.2 20100331
eclipse jetty Match 7.0.2 rc0
eclipse jetty Match 7.1.0 20100505
eclipse jetty Match 7.1.0 rc0
eclipse jetty Match 7.1.0 rc1
eclipse jetty Match 7.1.1 20100517
eclipse jetty Match 7.1.2 20100523
eclipse jetty Match 7.1.3 20100526
eclipse jetty Match 7.1.4 20100610
eclipse jetty Match 7.1.5 20100705
eclipse jetty Match 7.1.6 20100715
eclipse jetty Match 7.2.0 20101020
eclipse jetty Match 7.2.0 rc0
eclipse jetty Match 7.2.1 20101111
eclipse jetty Match 7.2.2 20101205
eclipse jetty Match 7.3.0 20110203
eclipse jetty Match 7.3.1 20110307
eclipse jetty Match 7.4.0 20110414
eclipse jetty Match 7.4.0 rc0
eclipse jetty Match 7.4.1 20110513
eclipse jetty Match 7.4.2 20110526
eclipse jetty Match 7.4.3 20110630
eclipse jetty Match 7.4.3 20110701
eclipse jetty Match 7.4.4 20110707
eclipse jetty Match 7.4.5 20110725
eclipse jetty Match 7.5.0 20110901
eclipse jetty Match 7.5.0 rc0
eclipse jetty Match 7.5.0 rc1
eclipse jetty Match 7.5.0 rc2
eclipse jetty Match 7.5.1 20110908
eclipse jetty Match 7.5.2 20111006
eclipse jetty Match 7.5.3 20111011
eclipse jetty Match 7.5.4 20111024
eclipse jetty Match 7.6.0 20120125
eclipse jetty Match 7.6.0 20120127
eclipse jetty Match 7.6.0 rc0
eclipse jetty Match 7.6.0 rc1
eclipse jetty Match 7.6.0 rc2
eclipse jetty Match 7.6.0 rc3
eclipse jetty Match 7.6.0 rc4
eclipse jetty Match 7.6.0 rc5
eclipse jetty Match 7.6.1 20120215
eclipse jetty Match 7.6.2 20120302
eclipse jetty Match 7.6.2 20120308
eclipse jetty Match 7.6.3 20120413
eclipse jetty Match 7.6.3 20120416
eclipse jetty Match 7.6.4 20120522
eclipse jetty Match 7.6.4 20120524
eclipse jetty Match 7.6.5 20120713
eclipse jetty Match 7.6.5 20120716
eclipse jetty Match 7.6.6 20120903
eclipse jetty Match 7.6.7 20120910
eclipse jetty Match 7.6.8 20121106
eclipse jetty Match 7.6.9 20130131
eclipse jetty Match 7.6.10 20130312
eclipse jetty Match 7.6.11 20130520
eclipse jetty Match 7.6.11 20130725
eclipse jetty Match 7.6.12 20130726
eclipse jetty Match 7.6.13 20130910
eclipse jetty Match 7.6.13 20130916
eclipse jetty Match 7.6.14 20131031
eclipse jetty Match 7.6.15 20140411
eclipse jetty Match 7.6.16 20140903
eclipse jetty Match 7.6.17 20150415
eclipse jetty Match 7.6.18 20150929
eclipse jetty Match 7.6.19 20160209
eclipse jetty Match 7.6.20 20160902
eclipse jetty Match 7.6.21 20160908
eclipse jetty Match 8.0.0 20110901
eclipse jetty Match 8.0.0 maintenance_0
eclipse jetty Match 8.0.0 maintenance_1
eclipse jetty Match 8.0.0 maintenance_2
eclipse jetty Match 8.0.0 maintenance_3
eclipse jetty Match 8.0.0 rc0
eclipse jetty Match 8.0.1 20110908
eclipse jetty Match 8.0.2 20111006
eclipse jetty Match 8.0.3 20111011
eclipse jetty Match 8.0.4 20111024
eclipse jetty Match 8.1.0 20120127
eclipse jetty Match 8.1.0 rc0
eclipse jetty Match 8.1.0 rc1
eclipse jetty Match 8.1.0 rc2
eclipse jetty Match 8.1.0 rc4
eclipse jetty Match 8.1.0 rc5
eclipse jetty Match 8.1.1 20120215
eclipse jetty Match 8.1.2 20120302
eclipse jetty Match 8.1.2 20120308
eclipse jetty Match 8.1.3 20120416
eclipse jetty Match 8.1.4 20120524
eclipse jetty Match 8.1.5 20120713
eclipse jetty Match 8.1.5 20120716
eclipse jetty Match 8.1.6 20120903
eclipse jetty Match 8.1.7 20120910
eclipse jetty Match 8.1.8 20121106
eclipse jetty Match 8.1.9 20130131
eclipse jetty Match 8.1.10 20130312
eclipse jetty Match 8.1.11 20130520
eclipse jetty Match 8.1.12 20130725
eclipse jetty Match 8.1.12 20130726
eclipse jetty Match 8.1.13 20130910
eclipse jetty Match 8.1.13 20130916
eclipse jetty Match 8.1.14 20131031
eclipse jetty Match 8.1.15 20140411
eclipse jetty Match 8.1.16 20140903
eclipse jetty Match 8.1.17 20150415
eclipse jetty Match 8.1.18 20150929
eclipse jetty Match 8.1.19 20160209
eclipse jetty Match 8.1.20 20160902
eclipse jetty Match 8.1.21 20160908
eclipse jetty Match 8.1.22 20160922
eclipse jetty Match 8.2.0 20160908
eclipse jetty Match 9.0.0 20130308
eclipse jetty Match 9.0.0 m5
eclipse jetty Match 9.0.0 maintenance_0
eclipse jetty Match 9.0.0 maintenance_1
eclipse jetty Match 9.0.0 maintenance_2
eclipse jetty Match 9.0.0 maintenance_3
eclipse jetty Match 9.0.0 maintenance_4
eclipse jetty Match 9.0.0 maintenance_5
eclipse jetty Match 9.0.0 rc0
eclipse jetty Match 9.0.0 rc1
eclipse jetty Match 9.0.0 rc2
eclipse jetty Match 9.0.0 rc3
eclipse jetty Match 9.0.1 20130408
eclipse jetty Match 9.0.2 20130417
eclipse jetty Match 9.0.2 20140415
eclipse jetty Match 9.0.3 20130506
eclipse jetty Match 9.0.4 20130621
eclipse jetty Match 9.0.4 20130625
eclipse jetty Match 9.0.5 20130813
eclipse jetty Match 9.0.5 20130815
eclipse jetty Match 9.0.6 20130919
eclipse jetty Match 9.0.6 20130930
eclipse jetty Match 9.0.7 20131031
eclipse jetty Match 9.0.7 20131107
eclipse jetty Match 9.1.0 20131115
eclipse jetty Match 9.1.0 maintenance_0
eclipse jetty Match 9.1.0 rc0
eclipse jetty Match 9.1.0 rc1
eclipse jetty Match 9.1.0 rc2
eclipse jetty Match 9.1.1 20140108
eclipse jetty Match 9.1.2 20140210
eclipse jetty Match 9.1.3 20140225
eclipse jetty Match 9.1.4 20140401
eclipse jetty Match 9.1.5 20140505
eclipse jetty Match 9.1.6 20151106
eclipse jetty Match 9.1.6 20160112
eclipse jetty Match 9.2.0 20140523
eclipse jetty Match 9.2.0 20140526
eclipse jetty Match 9.2.0 maintenance_0
eclipse jetty Match 9.2.0 maintenance_1
eclipse jetty Match 9.2.0 rc0
eclipse jetty Match 9.2.1 20140609
eclipse jetty Match 9.2.2 20140723
eclipse jetty Match 9.2.3 20140905
eclipse jetty Match 9.2.4 20141103
eclipse jetty Match 9.2.5 20141112
eclipse jetty Match 9.2.6 20141203
eclipse jetty Match 9.2.6 20141205
eclipse jetty Match 9.2.7 20150116
eclipse jetty Match 9.2.8 20150217
eclipse jetty Match 9.2.9 20150224
eclipse jetty Match 9.2.10 20150310
eclipse jetty Match 9.2.11 20150528
eclipse jetty Match 9.2.11 20150529
eclipse jetty Match 9.2.11 maintenance_0
eclipse jetty Match 9.2.12 20150709
eclipse jetty Match 9.2.12 maintenance_0
eclipse jetty Match 9.2.13 20150730
eclipse jetty Match 9.2.14 20151106
eclipse jetty Match 9.2.15 20160210
eclipse jetty Match 9.2.16 20160407
eclipse jetty Match 9.2.16 20160414
eclipse jetty Match 9.2.17 20160517
eclipse jetty Match 9.2.18 20160721
eclipse jetty Match 9.2.19 20160908
eclipse jetty Match 9.2.20 20161216
eclipse jetty Match 9.2.21 20170120
eclipse jetty Match 9.2.22 20170606
eclipse jetty Match 9.2.23 20171218
eclipse jetty Match 9.2.24 20180105
eclipse jetty Match 9.2.25 20180606
eclipse jetty Match 9.2.26 20180806
eclipse jetty Match 9.2.27 20190403
eclipse jetty Match 9.3.0 20150601
eclipse jetty Match 9.3.0 20150608
eclipse jetty Match 9.3.0 20150612
eclipse jetty Match 9.3.0 maintenance0
eclipse jetty Match 9.3.0 maintenance1
eclipse jetty Match 9.3.0 maintenance2
eclipse jetty Match 9.3.0 rc0
eclipse jetty Match 9.3.0 rc1
eclipse jetty Match 9.3.1 20150714
eclipse jetty Match 9.3.2 20150730
eclipse jetty Match 9.3.3 20150825
eclipse jetty Match 9.3.3 20150827
eclipse jetty Match 9.3.4 20151005
eclipse jetty Match 9.3.4 20151007
eclipse jetty Match 9.3.4 rc0
eclipse jetty Match 9.3.4 rc1
eclipse jetty Match 9.3.5 20151012
eclipse jetty Match 9.3.6 20151106
eclipse jetty Match 9.3.7 20160115
eclipse jetty Match 9.3.7 rc0
eclipse jetty Match 9.3.7 rc1
eclipse jetty Match 9.3.8 20160311
eclipse jetty Match 9.3.8 20160314
eclipse jetty Match 9.3.8 rc0
eclipse jetty Match 9.3.9 20160517
eclipse jetty Match 9.3.9 maintenance_0
eclipse jetty Match 9.3.9 maintenance_1
eclipse jetty Match 9.3.10 20160621
eclipse jetty Match 9.3.10 maintenance_0
eclipse jetty Match 9.3.11 20160721
eclipse jetty Match 9.3.11 maintenance_0
eclipse jetty Match 9.3.12 20160915
eclipse jetty Match 9.3.13 20161014
eclipse jetty Match 9.3.13 maintenance_0
eclipse jetty Match 9.3.14 20161028
eclipse jetty Match 9.3.15 20161220
eclipse jetty Match 9.3.16 20170119
eclipse jetty Match 9.3.16 20170120
eclipse jetty Match 9.3.17 20170317
eclipse jetty Match 9.3.17 rc0
eclipse jetty Match 9.3.18 20170406
eclipse jetty Match 9.3.19 20170502
eclipse jetty Match 9.3.20 20170531
eclipse jetty Match 9.3.21 20170918
eclipse jetty Match 9.3.21 maintenance_0
eclipse jetty Match 9.3.21 rc0
eclipse jetty Match 9.3.22 20171030
eclipse jetty Match 9.3.23 20180228
eclipse jetty Match 9.3.24 20180605
eclipse jetty Match 9.3.25 20180904
eclipse jetty Match 9.3.26 20190403
eclipse jetty Match 9.4.0 20161207
eclipse jetty Match 9.4.0 20161208
eclipse jetty Match 9.4.0 20180619
eclipse jetty Match 9.4.0 maintenance_0
eclipse jetty Match 9.4.0 maintenance_1
eclipse jetty Match 9.4.0 rc0
eclipse jetty Match 9.4.0 rc1
eclipse jetty Match 9.4.0 rc2
eclipse jetty Match 9.4.0 rc3
eclipse jetty Match 9.4.1 20170120
eclipse jetty Match 9.4.1 20180619
eclipse jetty Match 9.4.2 20170220
eclipse jetty Match 9.4.2 20180619
eclipse jetty Match 9.4.3 20170317
eclipse jetty Match 9.4.3 20180619
eclipse jetty Match 9.4.4 20170410
eclipse jetty Match 9.4.4 20170414
eclipse jetty Match 9.4.4 20180619
eclipse jetty Match 9.4.5 20170502
eclipse jetty Match 9.4.5 20180619
eclipse jetty Match 9.4.6 20170531
eclipse jetty Match 9.4.6 20180619
eclipse jetty Match 9.4.7 20170914
eclipse jetty Match 9.4.7 20180619
eclipse jetty Match 9.4.7 rc0
eclipse jetty Match 9.4.8 20171121
eclipse jetty Match 9.4.8 20180619
eclipse jetty Match 9.4.9 20180320
eclipse jetty Match 9.4.10 20180503
eclipse jetty Match 9.4.10 rc0
eclipse jetty Match 9.4.10 rc1
eclipse jetty Match 9.4.11 20180605
eclipse jetty Match 9.4.12 20180830
eclipse jetty Match 9.4.12 rc0
eclipse jetty Match 9.4.12 rc1
eclipse jetty Match 9.4.12 rc2
eclipse jetty Match 9.4.13 20181111
eclipse jetty Match 9.4.14 20181114
eclipse jetty Match 9.4.15 20190215
Node (entries combined with OR)
netapp oncommand_system_manager Range 3.0 to 3.1.3
netapp snap_creator_framework Match -
netapp snapcenter Match -
netapp snapmanager Match --oracle
netapp snapmanager Match --sap
netapp storage_replication_adapter_for_clustered_data_ontap Range 9.6 vmware_vsphere
netapp storage_services_connector Match -
netapp vasa_provider_for_clustered_data_ontap Range 9.6
netapp virtual_storage_console Range 9.6 vmware_vsphere
netapp element Match - vcenter_server
Node (entries combined with OR)
oracle autovue Match 21.0.2
oracle communications_analytics Match 12.1.1
oracle communications_element_manager Match 8.0.0
oracle communications_element_manager Match 8.1.0
oracle communications_element_manager Match 8.1.1
oracle communications_element_manager Match 8.2.0
oracle communications_services_gatekeeper Match 6.0
oracle communications_services_gatekeeper Match 6.1
oracle communications_services_gatekeeper Match 7.0
oracle communications_session_report_manager Match 8.0.0
oracle communications_session_report_manager Match 8.1.0
oracle communications_session_report_manager Match 8.1.1
oracle communications_session_report_manager Match 8.2.0
oracle communications_session_route_manager Match 8.0.0
oracle communications_session_route_manager Match 8.1.0
oracle communications_session_route_manager Match 8.1.1
oracle communications_session_route_manager Match 8.2.0
oracle data_integrator Match 12.2.1.3.0
oracle data_integrator Match 12.2.1.4.0
oracle endeca_information_discovery_integrator Match 3.2.0
oracle enterprise_manager_base_platform Match 13.2
oracle enterprise_manager_base_platform Match 13.3
oracle flexcube_core_banking Range 11.5.0 to 11.7.0
oracle flexcube_core_banking Match 5.2.0
oracle flexcube_private_banking Match 12.0.0
oracle flexcube_private_banking Match 12.1.0
oracle fmw_platform Match 12.2.1.3.0
oracle fmw_platform Match 12.2.1.4.0
oracle hospitality_guest_access Match 4.2.0
oracle hospitality_guest_access Match 4.2.1
oracle retail_xstore_point_of_service Match 7.1
oracle retail_xstore_point_of_service Match 15.0
oracle retail_xstore_point_of_service Match 16.0
oracle retail_xstore_point_of_service Match 17.0
oracle unified_directory Match 12.2.1.3.0
oracle unified_directory Match 12.2.1.4.0
Node (entries combined with OR)
debian debian_linux Match 9.0
debian debian_linux Match 10.0

CNA Affected

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "7.x"
      },
      {
        "status": "affected",
        "version": "8.x"
      },
      {
        "lessThanOrEqual": "9.2.27",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.3.26",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.16",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
