Lucene search

K
cvelistEclipseCVELIST:CVE-2019-10241
HistoryApr 22, 2019 - 8:14 p.m.

CVE-2019-10241

2019-04-2220:14:49
CWE-79
eclipse
www.cve.org

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

CNA Affected

[
  {
    "product": "Eclipse Jetty",
    "vendor": "The Eclipse Foundation",
    "versions": [
      {
        "lessThanOrEqual": "9.2.26",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.3.25",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "9.4.15",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

6.6 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%