Lucene search
EclipseCVELIST:CVE-2019-17632HistoryNov 25, 2019 - 9:56 p.m.
CVE-2019-17632
2019-11-2521:56:15
CWE-79
eclipse
www.cve.org
28
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
CNA Affected
[
{
"product": "Eclipse Jetty",
"vendor": "The Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "9.4.21.v20190926"
},
{
"status": "affected",
"version": "9.4.22.v20191022"
},
{
"status": "affected",
"version": "9.4.23.v20191118"
}
]
}
]Related
debiancve
debiancve
CVE-2019-17632
2019-11-25 22:15:11
ibm
ibm
openvas
openvas
Eclipse Jetty XSS Vulnerability (CVE-2019-17632) - Windows
2019-11-27 00:00:00
Eclipse Jetty XSS Vulnerability (CVE-2019-17632) - Linux
2019-11-27 00:00:00
Fedora: Security Advisory for jetty (FEDORA-2020-4913d43d77)
2020-01-27 00:00:00
osv
osv
Unescaped exception messages in error responses in Jetty
2019-12-02 18:13:28
CVE-2019-17632
2019-11-25 22:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2019-12-03 02:53:43
github
github
Unescaped exception messages in error responses in Jetty
2019-12-02 18:13:28
cve
cve
CVE-2019-17632
2019-11-25 22:15:11
nvd
nvd
CVE-2019-17632
2019-11-25 22:15:11
prion
prion
Code injection
2019-11-25 22:15:00
fedora
fedora
[SECURITY] Fedora 31 Update: jetty-9.4.24-2.v20191120.fc31
2020-01-17 05:08:08
redhatcve
redhatcve
CVE-2019-17632
2019-12-09 14:48:08
ubuntucve
ubuntucve
CVE-2019-17632
2019-11-25 00:00:00
nessus
nessus
Fedora 31 : jetty (2020-4913d43d77)
2020-01-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00