gsd-2019-10241
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-10241", "description": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.", "id": "GSD-2019-10241", "references": [ "https://www.suse.com/security/cve/CVE-2019-10241.html", "https://www.debian.org/security/2021/dsa-4949", "https://access.redhat.com/errata/RHSA-2020:1445", "https://access.redhat.com/errata/RHSA-2020:0983", "https://access.redhat.com/errata/RHSA-2020:0922" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-10241" ], "details": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.", "id": "GSD-2019-10241", "modified": "2023-12-13T01:23:59.854841Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-10241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.2.26" }, { "version_affected": "\u003c=", "version_value": "9.3.25" }, { "version_affected": "\u003c=", "version_value": "9.4.15" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E" }, { "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121" }, { "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html" }, { "name": "DSA-4949", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4949" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[9.2.0.M0,9.2.26.v20180806],[9.3.0.M0,9.3.25.v20180904], [9.4.0.M0,9.4.15.v20190215]", "affected_versions": "All versions starting from 9.2.0.M0 up to 9.2.26.v20180806, all versions starting from 9.3.0.M0 up to 9.3.25.v20180904, all versions starting from 9.4.0.M0 up to 9.4.15.v20190215", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2019-07-23", "description": "Jetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a Listing of directory contents.", "fixed_versions": [ "9.2.27.v20190403", "9.3.26.v20190403", "9.4.16.v20190411" ], "identifier": "CVE-2019-10241", "identifiers": [ "CVE-2019-10241" ], "not_impacted": "All versions before 9.2.0.M0, all versions after 9.2.26.v20180806 before 9.3.0.M0, all versions after 9.3.25.v20180904 before 9.4.0.M0, all versions after 9.4.15.v20190215", "package_slug": "maven/org.eclipse.jetty/jetty-http", "pubdate": "2019-04-22", "solution": "Upgrade to versions 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or above.", "title": "Cross-site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-10241", "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121" ], "uuid": "532ab930-060e-43ef-9af6-7df7a65c8c80" }, { "affected_range": "[9.2.0,9.2.26],[9.3.0,9.3.25],[9.4.0,9.4.15]", "affected_versions": "All versions starting from 9.2.0 up to 9.2.26, all versions starting from 9.3.0 up to 9.3.25, all versions starting from 9.4.0 up to 9.4.15", "credit": "Joakim Erdfelt", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2019-07-23", "description": "Eclipse Jetty server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a Listing of directory contents.", "fixed_versions": [ "9.2.27.v20190403", "9.3.26.v20190403", "9.4.16.v20190411" ], "identifier": "CVE-2019-10241", "identifiers": [ "CVE-2019-10241" ], "not_impacted": "All versions before 9.2.0, all versions after 9.2.26 before 9.3.0, all versions after 9.3.25 before 9.4.0, all versions after 9.4.15", "package_slug": "maven/org.eclipse.jetty/jetty-server", "pubdate": "2019-04-22", "solution": "Upgrade to versions 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or above.", "title": "Cross-Site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-10241", "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121" ], "uuid": "9e8aa345-0caf-4d16-9b18-b29ab33f5b40" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.7.0", "versionStartIncluding": "11.5.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-10241" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121" }, { "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E" }, { "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E" }, { "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E" }, { "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/" }, { "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" }, { "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html" }, { "name": "DSA-4949", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4949" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } }, "lastModifiedDate": "2022-04-22T20:06Z", "publishedDate": "2019-04-22T20:29Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.