exploitDog

CVE-2019-10241

Published: 22 Apr 2019
Source: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS: Low

Description

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

References

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*
Configuration 4

One of

cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
Versions from 11.5.0 (inclusive) to 11.7.0 (inclusive)
cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

EPSS

Percentile: 93%
0.09806
Low

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
ubuntu
almost 7 years ago

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

CVSS3: 4.7
redhat
almost 7 years ago

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

CVSS3: 6.1
debian
almost 7 years ago

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...

CVSS3: 6.1
github
almost 7 years ago

Cross-site Scripting in Eclipse Jetty

CVSS3: 6.1
fstec
almost 7 years ago

A vulnerability in the Eclipse Jetty servlet container, caused by a failure to take measures to protect the structure of a web page, that allows an attacker to carry out XSS attacks
