Lucene search

[email protected]NVD:CVE-2019-10241

HistoryApr 22, 2019 - 8:29 p.m.

CVE-2019-10241

2019-04-2220:29:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Affected configurations

NVD

Node

eclipsejettyMatch9.2.020140523

eclipsejettyMatch9.2.020140526

eclipsejettyMatch9.2.0maintenance_0

eclipsejettyMatch9.2.0maintenance_1

eclipsejettyMatch9.2.0rc0

eclipsejettyMatch9.2.120140609

eclipsejettyMatch9.2.220140723

eclipsejettyMatch9.2.320140905

eclipsejettyMatch9.2.420141103

eclipsejettyMatch9.2.520141112

eclipsejettyMatch9.2.620141203

eclipsejettyMatch9.2.620141205

eclipsejettyMatch9.2.720150116

eclipsejettyMatch9.2.820150217

eclipsejettyMatch9.2.920150224

eclipsejettyMatch9.2.1020150310

eclipsejettyMatch9.2.1120150528

eclipsejettyMatch9.2.1120150529

eclipsejettyMatch9.2.11maintenance_0

eclipsejettyMatch9.2.1220150709

eclipsejettyMatch9.2.12maintenance_0

eclipsejettyMatch9.2.1320150730

eclipsejettyMatch9.2.1420151106

eclipsejettyMatch9.2.1520160210

eclipsejettyMatch9.2.1620160407

eclipsejettyMatch9.2.1620160414

eclipsejettyMatch9.2.1720160517

eclipsejettyMatch9.2.1820160721

eclipsejettyMatch9.2.1920160908

eclipsejettyMatch9.2.2020161216

eclipsejettyMatch9.2.2120170120

eclipsejettyMatch9.2.2220170606

eclipsejettyMatch9.2.2320171218

eclipsejettyMatch9.2.2420180105

eclipsejettyMatch9.2.2520180606

eclipsejettyMatch9.2.2620180806

eclipsejettyMatch9.3.020150601

eclipsejettyMatch9.3.020150608

eclipsejettyMatch9.3.020150612

eclipsejettyMatch9.3.0maintenance0

eclipsejettyMatch9.3.0maintenance1

eclipsejettyMatch9.3.0maintenance2

eclipsejettyMatch9.3.0rc0

eclipsejettyMatch9.3.0rc1

eclipsejettyMatch9.3.120150714

eclipsejettyMatch9.3.220150730

eclipsejettyMatch9.3.320150825

eclipsejettyMatch9.3.320150827

eclipsejettyMatch9.3.420151005

eclipsejettyMatch9.3.420151007

eclipsejettyMatch9.3.4rc0

eclipsejettyMatch9.3.4rc1

eclipsejettyMatch9.3.520151012

eclipsejettyMatch9.3.620151106

eclipsejettyMatch9.3.720160115

eclipsejettyMatch9.3.7rc0

eclipsejettyMatch9.3.7rc1

eclipsejettyMatch9.3.820160311

eclipsejettyMatch9.3.820160314

eclipsejettyMatch9.3.8rc0

eclipsejettyMatch9.3.920160517

eclipsejettyMatch9.3.9maintenance_0

eclipsejettyMatch9.3.9maintenance_1

eclipsejettyMatch9.3.1020160621

eclipsejettyMatch9.3.10maintenance_0

eclipsejettyMatch9.3.1120160721

eclipsejettyMatch9.3.11maintenance_0

eclipsejettyMatch9.3.1220160915

eclipsejettyMatch9.3.1320161014

eclipsejettyMatch9.3.13maintenance_0

eclipsejettyMatch9.3.1420161028

eclipsejettyMatch9.3.1520161220

eclipsejettyMatch9.3.1620170119

eclipsejettyMatch9.3.1620170120

eclipsejettyMatch9.3.1720170317

eclipsejettyMatch9.3.17rc0

eclipsejettyMatch9.3.1820170406

eclipsejettyMatch9.3.1920170502

eclipsejettyMatch9.3.2020170531

eclipsejettyMatch9.3.2120170918

eclipsejettyMatch9.3.21maintenance_0

eclipsejettyMatch9.3.21rc0

eclipsejettyMatch9.3.2220171030

eclipsejettyMatch9.3.2320180228

eclipsejettyMatch9.3.2420180605

eclipsejettyMatch9.3.2520180904

eclipsejettyMatch9.4.020161207

eclipsejettyMatch9.4.020161208

eclipsejettyMatch9.4.020180619

eclipsejettyMatch9.4.0maintenance_0

eclipsejettyMatch9.4.0maintenance_1

eclipsejettyMatch9.4.0rc0

eclipsejettyMatch9.4.0rc1

eclipsejettyMatch9.4.0rc2

eclipsejettyMatch9.4.0rc3

eclipsejettyMatch9.4.120170120

eclipsejettyMatch9.4.120180619

eclipsejettyMatch9.4.220170220

eclipsejettyMatch9.4.220180619

eclipsejettyMatch9.4.320170317

eclipsejettyMatch9.4.320180619

eclipsejettyMatch9.4.420170410

eclipsejettyMatch9.4.420170414

eclipsejettyMatch9.4.420180619

eclipsejettyMatch9.4.520170502

eclipsejettyMatch9.4.520180619

eclipsejettyMatch9.4.620170531

eclipsejettyMatch9.4.620180619

eclipsejettyMatch9.4.720170914

eclipsejettyMatch9.4.720180619

eclipsejettyMatch9.4.7rc0

eclipsejettyMatch9.4.820171121

eclipsejettyMatch9.4.820180619

eclipsejettyMatch9.4.920180320

eclipsejettyMatch9.4.1020180503

eclipsejettyMatch9.4.10rc0

eclipsejettyMatch9.4.10rc1

eclipsejettyMatch9.4.1120180605

eclipsejettyMatch9.4.1220180830

eclipsejettyMatch9.4.12rc0

eclipsejettyMatch9.4.12rc1

eclipsejettyMatch9.4.12rc2

eclipsejettyMatch9.4.1320181111

eclipsejettyMatch9.4.1420181114

eclipsejettyMatch9.4.1520190215

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

apacheactivemqMatch5.15.9

apachedrillMatch1.16.0

Node

oracleflexcube_core_bankingRange11.5.0–11.7.0

oracleflexcube_core_bankingMatch5.2.0

oraclerest_data_servicesMatch11.2.0.4-

oraclerest_data_servicesMatch12.1.0.2-

oraclerest_data_servicesMatch12.2.0.1-

oraclerest_data_servicesMatch18c-

oracleretail_xstore_point_of_serviceMatch7.1

oracleretail_xstore_point_of_serviceMatch15.0

oracleretail_xstore_point_of_serviceMatch16.0

oracleretail_xstore_point_of_serviceMatch17.0

References

bugs.eclipse.org/bugs/show_bug.cgi?id=546121

lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E

lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E

lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E

lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

lists.debian.org/debian-lts-announce/2021/05/msg00016.html

security.netapp.com/advisory/ntap-20190509-0003/

www.debian.org/security/2021/dsa-4949

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for NVD:CVE-2019-10241

osv4 prion1 f51 cvelist1 openvas4 ubuntucve1 github1 symantec1 debiancve1 ibm23 cve1 redhatcve1 veracode1 nessus4 debian2 redhat3 oracle2