CVE-2019-10241
Vulnerability from cvelistv5
Published
2019-04-22 20:14
Modified
2024-08-04 22:17
Severity ?
Summary
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
References
emo@eclipse.orghttps://bugs.eclipse.org/bugs/show_bug.cgi?id=546121Issue Tracking, Vendor Advisory
emo@eclipse.orghttps://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
emo@eclipse.orghttps://lists.debian.org/debian-lts-announce/2021/05/msg00016.htmlMailing List, Third Party Advisory
emo@eclipse.orghttps://security.netapp.com/advisory/ntap-20190509-0003/Third Party Advisory
emo@eclipse.orghttps://www.debian.org/security/2021/dsa-4949Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/05/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190509-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4949Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:19.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"
          },
          {
            "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
          },
          {
            "name": "DSA-4949",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4949"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.2.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.3.25",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T11:06:23",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"
        },
        {
          "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
        },
        {
          "name": "DSA-4949",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4949"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2019-10241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.2.26"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.3.25"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190509-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"
            },
            {
              "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"
            },
            {
              "name": "DSA-4949",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4949"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2019-10241",
    "datePublished": "2019-04-22T20:14:49",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:19.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10241\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2019-04-22T20:29:00.243\",\"lastModified\":\"2024-11-21T04:18:43.417\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.\"},{\"lang\":\"es\",\"value\":\"Eclipse Jetty versiones 9.2.26 y anteriores, 9.3.25 y anteriores, 9.3.25 y anteriores, y 9.4.15 y anteriores. El servidor es vulnerable a un Cross-Site Scripting (XSS) si un cliente remoto emplea una URL especialmente formada contra el DefaultServlet o ResourceHandler que est\u00e9 configurado para mostrar un listado del contenido de los directorios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3DBA476-4CBF-457E-B34B-38D363A61FF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*\",\"matchCriteriaId\":\"617652B0-AE6D-40F2-862F-22461469C44B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"4741E336-4C6C-4ACA-A7DC-93ED7AF5D0A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"693C2BDC-B0BA-41C1-8417-A011356E299B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFDEBE0B-A00A-45B1-9696-EF15CE33D78E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B821618-500F-4D53-8074-52594B205920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*\",\"matchCriteriaId\":\"468677A7-4F49-441A-B395-2E91A23DB315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C6795DC-F74D-4FA5-8101-5EBA1F6C40B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*\",\"matchCriteriaId\":\"1608313D-051E-404A-8EA4-FA9AE85986C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*\",\"matchCriteriaId\":\"924C49E5-E895-4FFA-BFBF-FD35F1D387A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*\",\"matchCriteriaId\":\"85511393-A06D-49E1-A337-F907460202E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*\",\"matchCriteriaId\":\"171A1985-6507-4FF9-82CA-3A563DD6BB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*\",\"matchCriteriaId\":\"B808093F-84D9-47E8-A073-1ABE9876ECBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A9F7AC1-7749-4366-9A8D-8295E67F6F6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A77B21A-B792-406D-B595-A04F2072B845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE9FE53-313D-421D-829B-DC10CF445E77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*\",\"matchCriteriaId\":\"647AF59D-9439-4CF3-B3FF-F9349DF2D87B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4469A39-4BA5-4F39-8F89-406ADDF71403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0629B5B-D242-4835-B9DB-24C94844EE16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E9D6731-E22A-4F17-BEB8-9F9993C54136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD85DBCD-F62F-444F-B4D6-7462AC4E3CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*\",\"matchCriteriaId\":\"F545A49C-86D9-47EF-8B01-855B63B8412E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*\",\"matchCriteriaId\":\"15F53024-1B27-4F74-BCAE-5160D5C97AAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E6B55AB-3432-4D3B-8EFB-5E9B95D2CAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6A7426D-8CE9-4A74-9C91-CBC9E2A71D1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1A8929-6122-47D4-A166-26CC4D93E47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D612C4F-5728-4BC8-B546-70F40857A244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77A4E1D-F90A-4F60-BA5D-94D32C9A24E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F158635-FC7A-4FCF-8FCD-92749DEABEF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D77072-129D-411A-B05A-40E33A9B6234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A43FFDF-7C66-4474-AD85-A5E55C8AE00D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*\",\"matchCriteriaId\":\"54CB12A0-45F2-458F-91AE-EE78DD5B0A0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C145C68-565E-4276-A3C6-F19F0B1A586F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE5E071A-E847-4BEB-A72D-5DAF66016642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC93C60A-8D2E-44F9-B5E6-BCCEC8239B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A86E93C-7941-4105-83C5-9BD51683AA4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E548698-6582-4598-A832-B64483B8D2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AA2E29-F543-4B80-B8DD-F76187E63A3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B74BDCF-AF80-4679-8915-7D01E90BF4D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*\",\"matchCriteriaId\":\"580A8553-56D1-41F3-A8A9-5698D3FA7F12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2784485-FE0D-454D-B4EC-9F91EE396AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AD7F68-96BD-442F-BC36-091D19BC1AC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"34269139-FB46-4EF8-BE3A-7B130F25B5E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"77FD0118-11CC-41AB-9B12-030B1F6F8EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4D8788C-C718-479B-B441-B3C40F261CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFB22D92-F41A-4C35-8FD6-1A57E9A25132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*\",\"matchCriteriaId\":\"58368FE2-71A7-470B-A918-E5DB97EE5176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*\",\"matchCriteriaId\":\"612EB189-F829-4426-90CE-EBD75F91E652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*\",\"matchCriteriaId\":\"56472E25-401A-411D-9A13-3EAB65025DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*\",\"matchCriteriaId\":\"525AC31D-F470-4E09-88D8-261FFEA88C50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B32089-B410-4D62-8751-8341CC696F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*\",\"matchCriteriaId\":\"9781FB3C-386A-4CB8-B330-B707E8F56F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*\",\"matchCriteriaId\":\"880FD5EC-D796-4232-B587-A99F80FDB68E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52DFC06-3B44-4675-B7BA-18535B1499C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"83292226-E45E-4B13-963B-36FE18815939\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A5D6F9A-3326-4C74-932D-DDE4AD900D1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9739B3-070C-4D1D-BD44-E16DC23D5F3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C07F9D-27C0-4A56-97EE-D0392CFEEB96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B466BB1-D312-4F4A-9A96-1F88620A970D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0279CFA-12F5-4D73-9136-3EC240F14107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*\",\"matchCriteriaId\":\"47C060B9-CEED-4D24-BC47-FE1AF604A72C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF745A33-0FEF-47E6-B549-8349C6D63B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*\",\"matchCriteriaId\":\"363C327A-B383-4D07-9442-55254D3284E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDCF78F5-AC04-4F98-A57B-0C60C184589A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*\",\"matchCriteriaId\":\"B655ED4D-1A48-414B-AD5B-AC08644CE7E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*\",\"matchCriteriaId\":\"516E3314-C528-4DEF-B673-829094612C05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*\",\"matchCriteriaId\":\"384F3A83-DDD5-4DC2-8257-F3A14BFD79E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"2688CA0E-2A36-4BAA-88CA-CA00DDA276EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*\",\"matchCriteriaId\":\"6482DF67-9178-409D-A522-68ACF3D08208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC43E92-04B8-4F90-82C8-6DD2255B2652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BEF4B04-1014-400E-8EAA-EA3DFE968D41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1547494-C1A0-4755-8C0F-53F4084A1ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"0220E37B-EEBC-4641-AD1C-245DC249F51B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCC8914-C758-4312-8AA2-B466D5B6C00F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*\",\"matchCriteriaId\":\"31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*\",\"matchCriteriaId\":\"E449FD93-CD5D-4896-9CE1-DB42BB83A071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*\",\"matchCriteriaId\":\"271F17A5-5808-4EFB-BE1B-47A38FEA1013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6F20D8-2C63-47BD-886B-0684EEF89FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*\",\"matchCriteriaId\":\"B12BEFDE-9FB2-42E9-9638-F459FE274935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B755E3B-A128-436E-8EE7-98C7F9194D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8029B2F-D88D-4BB3-9BD2-54EE034A0C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2560BAF-E379-477A-BF68-C836543920C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD9164B-4AB4-450C-B3D9-1F14C15ABE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A59914E6-D3B8-4289-BE31-0AD2EDC81E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"430CDEEE-28CE-4712-AF95-6790775C4028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*\",\"matchCriteriaId\":\"A748119F-A5A1-4428-9BC0-1A8BE09C975C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*\",\"matchCriteriaId\":\"09CE1987-E5E5-4F54-BC6E-245F4F02EA60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3D958FD-DD4D-4732-BE86-7E254E1AAE0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*\",\"matchCriteriaId\":\"A266E261-7C7D-4C1D-BE6D-81FC5D85886D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"35251CD8-A1E6-445C-8D5F-9ABC61D84B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*\",\"matchCriteriaId\":\"51115706-5A47-4ABF-AC19-274FFEC6C055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0F44C93-7916-49FC-93C5-C215D6C279BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2F9C9C5-0196-4B28-BB68-344E6DBE189A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFCB17E7-B40B-49B9-9353-EE06FC9C08E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C917FAC-2489-4B2D-89A6-CF9E47B6983D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*\",\"matchCriteriaId\":\"16872138-6AF5-418F-998F-1220DA602AE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"3211336E-0EE6-4676-AEFA-A778176C0ECE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*\",\"matchCriteriaId\":\"387ABF04-9630-4016-B627-E35547970637\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"8346B11B-55C9-4043-AF27-138CFCC64850\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"031909CF-1F8B-494A-9A0A-E6B88ECD9E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*\",\"matchCriteriaId\":\"965AEAF6-AC84-4745-9707-BBB515C80FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*\",\"matchCriteriaId\":\"502FFF92-072B-451A-ADA8-5FCA59362C47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E72F2E-48C8-410C-BC9D-732F6E22BA27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DA38E7D-AB43-4384-A78E-820B46093345\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C62E25-9929-46E0-8712-2D84DB9811ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*\",\"matchCriteriaId\":\"57480EC4-3D0F-4AD6-BC9C-162702C58336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*\",\"matchCriteriaId\":\"B403CD58-F0F3-4A1E-BBAC-E33B44AD4746\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"492760AF-E6C3-490B-B3E9-F354BAFA9B7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"788DD7CA-B34B-4036-86BB-80A9361BE4C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*\",\"matchCriteriaId\":\"0634647A-003A-4AE2-8A1E-1220BB949EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*\",\"matchCriteriaId\":\"C077D8E8-BF51-4365-8067-AF88C60BFFC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*\",\"matchCriteriaId\":\"38250370-0B8F-4C3A-8309-19EFE912C7A2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235DC57F-22B8-4219-9499-7D005D90A654\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.5.0\",\"versionEndIncluding\":\"11.7.0\",\"matchCriteriaId\":\"6EC0B307-B9D2-497B-81CF-B435ABFB1CFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEFE7E72-D419-4040-81AB-B4934C13909F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"36FC547E-861A-418C-A314-DA09A457B13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"DF9FEE51-50E3-41E9-AA0D-272A640F85CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"E69E905F-2E1A-4462-9082-FF7B10474496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"0F9B692C-8986-4F91-9EF4-2BB1E3B5C133\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DA6839-849D-4CEF-85F3-38FE75E07183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55AE3629-4A66-49E4-A33D-6D81CC94962F\"}]}]}],\"references\":[{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190509-0003/\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4949\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190509-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4949\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.