Jetty@9.2.4 Security Vulnerabilities and Issues — Jetty@9.2.4 CVE List

Lucene search

EclipseJetty9.2.4

3 matches found

CVE•added 2019/04/22 8:29 p.m.•299 views

CVE-2019-10247

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches t...

5.3CVSS6AI score0.0711EPSS

CVE•added 2019/04/22 8:29 p.m.•180 views

CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

6.1CVSS6.1AI score0.10588EPSS

CVE•added 2016/10/07 2:59 p.m.•148 views

CVE-2015-2080

The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.

7.5CVSS7.2AI score0.92414EPSS