Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-10241

Опубликовано: 22 апр. 2019
Источник: redhat
CVSS3: 4.7
EPSS Низкий

Описание

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Отчет

This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6jetty-eclipseOut of support scope
Red Hat Enterprise Linux 7jettyWill not fix
Red Hat Fuse 7jettyAffected
Red Hat JBoss A-MQ 6jettyOut of support scope
Red Hat JBoss Fuse 6jettyOut of support scope
Red Hat Satellite 5nutchOut of support scope
Red Hat Software Collectionsrh-java-common-jettyWill not fix
Red Hat AMQjettyFixedRHSA-2020:092223.03.2020
Red Hat AMQ 7.4.3jettyFixedRHSA-2020:144514.04.2020
Red Hat Fuse 7.6.0FixedRHSA-2020:098326.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1705924jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions

EPSS

Процентиль: 93%
0.09852
Низкий

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-10241

CVSS3: 6.1
ubuntu
почти 7 лет назад

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

nvd логотип

CVE-2019-10241

CVSS3: 6.1
nvd
почти 7 лет назад

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

debian логотип

CVE-2019-10241

CVSS3: 6.1
debian
почти 7 лет назад

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.1 ...

github логотип

GHSA-7vx9-xjhr-rw6h

CVSS3: 6.1
github
почти 7 лет назад

Cross-site Scripting in Eclipse Jetty

fstec логотип

BDU:2019-04283

CVSS3: 6.1
fstec
почти 7 лет назад

Уязвимость контейнера сервлетов Eclipse Jetty, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки

EPSS

Процентиль: 93%
0.09852
Низкий

4.7 Medium

CVSS3