3 matches found
CVE-2019-10247
CVE-2019-10247 affects Eclipse Jetty when configured to list contexts in 404 responses. Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older disclose the fully qualified directory base resource location in the HTML output of a not-found Context, via the DefaultHandler...
CVE-2017-7658
In CVE-2017-7658, Eclipse Jetty had a flaw in how it handles HTTP requests when multiple Content-Length headers are present or when a Content-Length header accompanies a chunked encoding header. This could allow a forged or pipelined request to bypass intermediary authorization if the shorter len...
CVE-2019-10246
CVE-2019-10246 is described in connected IBM security bulletins as an Eclipse Jetty vulnerability where a server configured to Listing directory contents could expose the fully-qualified Base Resource directory name to remote clients, potentially revealing sensitive information. IBM Cognos Analyt...