Description
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | jetty-eclipse | Not affected | | |
| Red Hat Enterprise Linux 7 | jetty | Not affected | | |
| Red Hat Fuse 7 | jetty | Not affected | | |
| Red Hat JBoss Fuse 6 | jetty | Out of support scope | | |
| Red Hat JBoss Fuse Service Works 6 | jetty | Out of support scope | | |
| Red Hat Satellite 5 | nutch | Out of support scope | | |
| Red Hat Single Sign-On 7 | jetty | Not affected | | |
| Red Hat Software Collections | rh-java-common-jetty | Not affected | | |
Additional information
Status:
6.1 Medium
CVSS3
Related vulnerabilities
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4. ...
Unescaped exception messages in error responses in Jetty
6.1 Medium
CVSS3