Lucene search

K
nvd[email protected]NVD:CVE-2019-10241
HistoryApr 22, 2019 - 8:29 p.m.

CVE-2019-10241

2019-04-2220:29:00
CWE-79
web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.5%

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Affected configurations

NVD
Node
eclipsejettyMatch9.2.020140523
OR
eclipsejettyMatch9.2.020140526
OR
eclipsejettyMatch9.2.0maintenance_0
OR
eclipsejettyMatch9.2.0maintenance_1
OR
eclipsejettyMatch9.2.0rc0
OR
eclipsejettyMatch9.2.120140609
OR
eclipsejettyMatch9.2.220140723
OR
eclipsejettyMatch9.2.320140905
OR
eclipsejettyMatch9.2.420141103
OR
eclipsejettyMatch9.2.520141112
OR
eclipsejettyMatch9.2.620141203
OR
eclipsejettyMatch9.2.620141205
OR
eclipsejettyMatch9.2.720150116
OR
eclipsejettyMatch9.2.820150217
OR
eclipsejettyMatch9.2.920150224
OR
eclipsejettyMatch9.2.1020150310
OR
eclipsejettyMatch9.2.1120150528
OR
eclipsejettyMatch9.2.1120150529
OR
eclipsejettyMatch9.2.11maintenance_0
OR
eclipsejettyMatch9.2.1220150709
OR
eclipsejettyMatch9.2.12maintenance_0
OR
eclipsejettyMatch9.2.1320150730
OR
eclipsejettyMatch9.2.1420151106
OR
eclipsejettyMatch9.2.1520160210
OR
eclipsejettyMatch9.2.1620160407
OR
eclipsejettyMatch9.2.1620160414
OR
eclipsejettyMatch9.2.1720160517
OR
eclipsejettyMatch9.2.1820160721
OR
eclipsejettyMatch9.2.1920160908
OR
eclipsejettyMatch9.2.2020161216
OR
eclipsejettyMatch9.2.2120170120
OR
eclipsejettyMatch9.2.2220170606
OR
eclipsejettyMatch9.2.2320171218
OR
eclipsejettyMatch9.2.2420180105
OR
eclipsejettyMatch9.2.2520180606
OR
eclipsejettyMatch9.2.2620180806
OR
eclipsejettyMatch9.3.020150601
OR
eclipsejettyMatch9.3.020150608
OR
eclipsejettyMatch9.3.020150612
OR
eclipsejettyMatch9.3.0maintenance0
OR
eclipsejettyMatch9.3.0maintenance1
OR
eclipsejettyMatch9.3.0maintenance2
OR
eclipsejettyMatch9.3.0rc0
OR
eclipsejettyMatch9.3.0rc1
OR
eclipsejettyMatch9.3.120150714
OR
eclipsejettyMatch9.3.220150730
OR
eclipsejettyMatch9.3.320150825
OR
eclipsejettyMatch9.3.320150827
OR
eclipsejettyMatch9.3.420151005
OR
eclipsejettyMatch9.3.420151007
OR
eclipsejettyMatch9.3.4rc0
OR
eclipsejettyMatch9.3.4rc1
OR
eclipsejettyMatch9.3.520151012
OR
eclipsejettyMatch9.3.620151106
OR
eclipsejettyMatch9.3.720160115
OR
eclipsejettyMatch9.3.7rc0
OR
eclipsejettyMatch9.3.7rc1
OR
eclipsejettyMatch9.3.820160311
OR
eclipsejettyMatch9.3.820160314
OR
eclipsejettyMatch9.3.8rc0
OR
eclipsejettyMatch9.3.920160517
OR
eclipsejettyMatch9.3.9maintenance_0
OR
eclipsejettyMatch9.3.9maintenance_1
OR
eclipsejettyMatch9.3.1020160621
OR
eclipsejettyMatch9.3.10maintenance_0
OR
eclipsejettyMatch9.3.1120160721
OR
eclipsejettyMatch9.3.11maintenance_0
OR
eclipsejettyMatch9.3.1220160915
OR
eclipsejettyMatch9.3.1320161014
OR
eclipsejettyMatch9.3.13maintenance_0
OR
eclipsejettyMatch9.3.1420161028
OR
eclipsejettyMatch9.3.1520161220
OR
eclipsejettyMatch9.3.1620170119
OR
eclipsejettyMatch9.3.1620170120
OR
eclipsejettyMatch9.3.1720170317
OR
eclipsejettyMatch9.3.17rc0
OR
eclipsejettyMatch9.3.1820170406
OR
eclipsejettyMatch9.3.1920170502
OR
eclipsejettyMatch9.3.2020170531
OR
eclipsejettyMatch9.3.2120170918
OR
eclipsejettyMatch9.3.21maintenance_0
OR
eclipsejettyMatch9.3.21rc0
OR
eclipsejettyMatch9.3.2220171030
OR
eclipsejettyMatch9.3.2320180228
OR
eclipsejettyMatch9.3.2420180605
OR
eclipsejettyMatch9.3.2520180904
OR
eclipsejettyMatch9.4.020161207
OR
eclipsejettyMatch9.4.020161208
OR
eclipsejettyMatch9.4.020180619
OR
eclipsejettyMatch9.4.0maintenance_0
OR
eclipsejettyMatch9.4.0maintenance_1
OR
eclipsejettyMatch9.4.0rc0
OR
eclipsejettyMatch9.4.0rc1
OR
eclipsejettyMatch9.4.0rc2
OR
eclipsejettyMatch9.4.0rc3
OR
eclipsejettyMatch9.4.120170120
OR
eclipsejettyMatch9.4.120180619
OR
eclipsejettyMatch9.4.220170220
OR
eclipsejettyMatch9.4.220180619
OR
eclipsejettyMatch9.4.320170317
OR
eclipsejettyMatch9.4.320180619
OR
eclipsejettyMatch9.4.420170410
OR
eclipsejettyMatch9.4.420170414
OR
eclipsejettyMatch9.4.420180619
OR
eclipsejettyMatch9.4.520170502
OR
eclipsejettyMatch9.4.520180619
OR
eclipsejettyMatch9.4.620170531
OR
eclipsejettyMatch9.4.620180619
OR
eclipsejettyMatch9.4.720170914
OR
eclipsejettyMatch9.4.720180619
OR
eclipsejettyMatch9.4.7rc0
OR
eclipsejettyMatch9.4.820171121
OR
eclipsejettyMatch9.4.820180619
OR
eclipsejettyMatch9.4.920180320
OR
eclipsejettyMatch9.4.1020180503
OR
eclipsejettyMatch9.4.10rc0
OR
eclipsejettyMatch9.4.10rc1
OR
eclipsejettyMatch9.4.1120180605
OR
eclipsejettyMatch9.4.1220180830
OR
eclipsejettyMatch9.4.12rc0
OR
eclipsejettyMatch9.4.12rc1
OR
eclipsejettyMatch9.4.12rc2
OR
eclipsejettyMatch9.4.1320181111
OR
eclipsejettyMatch9.4.1420181114
OR
eclipsejettyMatch9.4.1520190215
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
apacheactivemqMatch5.15.9
OR
apachedrillMatch1.16.0
Node
oracleflexcube_core_bankingRange11.5.011.7.0
OR
oracleflexcube_core_bankingMatch5.2.0
OR
oraclerest_data_servicesMatch11.2.0.4-
OR
oraclerest_data_servicesMatch12.1.0.2-
OR
oraclerest_data_servicesMatch12.2.0.1-
OR
oraclerest_data_servicesMatch18c-
OR
oracleretail_xstore_point_of_serviceMatch7.1
OR
oracleretail_xstore_point_of_serviceMatch15.0
OR
oracleretail_xstore_point_of_serviceMatch16.0
OR
oracleretail_xstore_point_of_serviceMatch17.0

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

7.5

Confidence

High

EPSS

0.005

Percentile

75.5%