Описание
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
A flaw was found in Eclipse Jetty. This issue may lead to exposure of the fully qualified Base Resource directory name on Windows to a remote client when configured to show a listing of directory contents. By sending a specially-crafted request, a remote attacker could obtain sensitive information.
Отчет
This CVE only impacts users using Eclipse Jetty on Windows.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | jetty | Not affected |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server runnin ...
Information Exposure vulnerability in Eclipse Jetty
Уязвимость контейнера сервлетов Eclipse Jetty, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
5.3 Medium
CVSS3