Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2018-12536
HistoryJun 27, 2018 - 12:00 a.m.

CVE-2018-12536

2018-06-2700:00:00
ubuntu.com
ubuntu.com
12

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.1%

JSON

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using
default Error Handling, when an intentionally bad query arrives that
doesn’t match a dynamic url-pattern, and is eventually handled by the
DefaultServlet’s static file serving, the bad characters can trigger a
java.nio.file.InvalidPathException which includes the full path to the base
resource directory that the DefaultServlet and/or webapp is using. If this
InvalidPathException is then handled by the default Error Handler, the
InvalidPathException message is included in the error response, revealing
the full server path to the requesting system.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchjetty9< anyUNKNOWN

Related

openvas 4
osv 3
prion 1
cve 1
github 1
veracode 1
redhatcve 1
f5 1
nessus 4
debiancve 1
fedora 2
ibm 16
debian 1
redhat 1
oracle 2
openvas
openvas
Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability (Windows)
2018-07-05 00:00:00
Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability (Linux)
2018-07-05 00:00:00
Fedora Update for jetty FEDORA-2018-48b73ed393
2018-07-15 00:00:00
osv
osv
CVE-2018-12536
2018-06-27 17:29:00
Eclipse Jetty Server generates error message containing sensitive information
2018-10-19 16:15:56
jetty9 - security update
2021-05-14 00:00:00
prion
prion
Design/Logic Flaw
2018-06-27 17:29:00
cve
cve
CVE-2018-12536
2018-06-27 17:29:00
github
github
Eclipse Jetty Server generates error message containing sensitive information
2018-10-19 16:15:56
veracode
veracode
Information Disclosure
2018-06-26 16:29:06
redhatcve
redhatcve
CVE-2018-12536
2018-07-02 22:33:34
f5
f5
K33548065 : Eclipse Jetty vulnerability CVE-2018-12536
2022-03-28 00:00:00
nessus
nessus
F5 Networks BIG-IP : Eclipse Jetty vulnerability (K33548065)
2022-03-29 00:00:00
Fedora 28 : jetty (2018-48b73ed393)
2019-01-03 00:00:00
Debian DLA-2661-1 : jetty9 security update
2021-05-17 00:00:00
debiancve
debiancve
CVE-2018-12536
2018-06-27 17:29:00
fedora
fedora
[SECURITY] Fedora 28 Update: jetty-9.4.11-2.v20180605.fc28
2018-07-12 14:21:30
[SECURITY] Fedora 27 Update: jetty-9.4.11-2.v20180605.fc27
2018-07-12 13:47:39
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)
2019-11-06 19:05:46
Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of chunked transfer-encoding chunk size. IBM Rational Service Tester is affected by this vulnerability.
2019-01-03 15:15:01
Security Bulletin: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked Transfer-Encoding chunk size. IBM Rational Performance Tester is affected by this vulnerability.
2020-05-22 13:46:31
debian
debian
[SECURITY] [DLA 2661-1] jetty9 security update
2021-05-14 13:28:53
redhat
redhat
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

71.1%

JSON
Related for UB:CVE-2018-12536
openvas4osv3prion1cve1github1veracode1redhatcve1f51nessus4debiancve1fedora2ibm16debian1redhat1oracle2