CVE-2019-10241
22.04.2019, 20:29
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
| Vendor | Product | Version |
|---|---|---|
| eclipse | jetty | 9.2.0:20140523 |
| eclipse | jetty | 9.2.0:20140526 |
| eclipse | jetty | 9.2.0:maintenance_0 |
| eclipse | jetty | 9.2.0:maintenance_1 |
| eclipse | jetty | 9.2.0:rc0 |
| eclipse | jetty | 9.2.1:20140609 |
| eclipse | jetty | 9.2.2:20140723 |
| eclipse | jetty | 9.2.3:20140905 |
| eclipse | jetty | 9.2.4:20141103 |
| eclipse | jetty | 9.2.5:20141112 |
| eclipse | jetty | 9.2.6:20141203 |
| eclipse | jetty | 9.2.6:20141205 |
| eclipse | jetty | 9.2.7:20150116 |
| eclipse | jetty | 9.2.8:20150217 |
| eclipse | jetty | 9.2.9:20150224 |
| eclipse | jetty | 9.2.10:20150310 |
| eclipse | jetty | 9.2.11:20150528 |
| eclipse | jetty | 9.2.11:20150529 |
| eclipse | jetty | 9.2.11:maintenance_0 |
| eclipse | jetty | 9.2.12:20150709 |
| eclipse | jetty | 9.2.12:maintenance_0 |
| eclipse | jetty | 9.2.13:20150730 |
| eclipse | jetty | 9.2.14:20151106 |
| eclipse | jetty | 9.2.15:20160210 |
| eclipse | jetty | 9.2.16:20160407 |
| eclipse | jetty | 9.2.16:20160414 |
| eclipse | jetty | 9.2.17:20160517 |
| eclipse | jetty | 9.2.18:20160721 |
| eclipse | jetty | 9.2.19:20160908 |
| eclipse | jetty | 9.2.20:20161216 |
| eclipse | jetty | 9.2.21:20170120 |
| eclipse | jetty | 9.2.22:20170606 |
| eclipse | jetty | 9.2.23:20171218 |
| eclipse | jetty | 9.2.24:20180105 |
| eclipse | jetty | 9.2.25:20180606 |
| eclipse | jetty | 9.2.26:20180806 |
| eclipse | jetty | 9.3.0:20150601 |
| eclipse | jetty | 9.3.0:20150608 |
| eclipse | jetty | 9.3.0:20150612 |
| eclipse | jetty | 9.3.0:maintenance0 |
| eclipse | jetty | 9.3.0:maintenance1 |
| eclipse | jetty | 9.3.0:maintenance2 |
| eclipse | jetty | 9.3.0:rc0 |
| eclipse | jetty | 9.3.0:rc1 |
| eclipse | jetty | 9.3.1:20150714 |
| eclipse | jetty | 9.3.2:20150730 |
| eclipse | jetty | 9.3.3:20150825 |
| eclipse | jetty | 9.3.3:20150827 |
| eclipse | jetty | 9.3.4:20151005 |
| eclipse | jetty | 9.3.4:20151007 |
| eclipse | jetty | 9.3.4:rc0 |
| eclipse | jetty | 9.3.4:rc1 |
| eclipse | jetty | 9.3.5:20151012 |
| eclipse | jetty | 9.3.6:20151106 |
| eclipse | jetty | 9.3.7:20160115 |
| eclipse | jetty | 9.3.7:rc0 |
| eclipse | jetty | 9.3.7:rc1 |
| eclipse | jetty | 9.3.8:20160311 |
| eclipse | jetty | 9.3.8:20160314 |
| eclipse | jetty | 9.3.8:rc0 |
| eclipse | jetty | 9.3.9:20160517 |
| eclipse | jetty | 9.3.9:maintenance_0 |
| eclipse | jetty | 9.3.9:maintenance_1 |
| eclipse | jetty | 9.3.10:20160621 |
| eclipse | jetty | 9.3.10:maintenance_0 |
| eclipse | jetty | 9.3.11:20160721 |
| eclipse | jetty | 9.3.11:maintenance_0 |
| eclipse | jetty | 9.3.12:20160915 |
| eclipse | jetty | 9.3.13:20161014 |
| eclipse | jetty | 9.3.13:maintenance_0 |
| eclipse | jetty | 9.3.14:20161028 |
| eclipse | jetty | 9.3.15:20161220 |
| eclipse | jetty | 9.3.16:20170119 |
| eclipse | jetty | 9.3.16:20170120 |
| eclipse | jetty | 9.3.17:20170317 |
| eclipse | jetty | 9.3.17:rc0 |
| eclipse | jetty | 9.3.18:20170406 |
| eclipse | jetty | 9.3.19:20170502 |
| eclipse | jetty | 9.3.20:20170531 |
| eclipse | jetty | 9.3.21:20170918 |
| eclipse | jetty | 9.3.21:maintenance_0 |
| eclipse | jetty | 9.3.21:rc0 |
| eclipse | jetty | 9.3.22:20171030 |
| eclipse | jetty | 9.3.23:20180228 |
| eclipse | jetty | 9.3.24:20180605 |
| eclipse | jetty | 9.3.25:20180904 |
| eclipse | jetty | 9.4.0:20161207 |
| eclipse | jetty | 9.4.0:20161208 |
| eclipse | jetty | 9.4.0:20180619 |
| eclipse | jetty | 9.4.0:maintenance_0 |
| eclipse | jetty | 9.4.0:maintenance_1 |
| eclipse | jetty | 9.4.0:rc0 |
| eclipse | jetty | 9.4.0:rc1 |
| eclipse | jetty | 9.4.0:rc2 |
| eclipse | jetty | 9.4.0:rc3 |
| eclipse | jetty | 9.4.1:20170120 |
| eclipse | jetty | 9.4.1:20180619 |
| eclipse | jetty | 9.4.2:20170220 |
| eclipse | jetty | 9.4.2:20180619 |
| eclipse | jetty | 9.4.3:20170317 |
| eclipse | jetty | 9.4.3:20180619 |
| eclipse | jetty | 9.4.4:20170410 |
| eclipse | jetty | 9.4.4:20170414 |
| eclipse | jetty | 9.4.4:20180619 |
| eclipse | jetty | 9.4.5:20170502 |
| eclipse | jetty | 9.4.5:20180619 |
| eclipse | jetty | 9.4.6:20170531 |
| eclipse | jetty | 9.4.6:20180619 |
| eclipse | jetty | 9.4.7:20170914 |
| eclipse | jetty | 9.4.7:20180619 |
| eclipse | jetty | 9.4.7:rc0 |
| eclipse | jetty | 9.4.8:20171121 |
| eclipse | jetty | 9.4.8:20180619 |
| eclipse | jetty | 9.4.9:20180320 |
| eclipse | jetty | 9.4.10:20180503 |
| eclipse | jetty | 9.4.10:rc0 |
| eclipse | jetty | 9.4.10:rc1 |
| eclipse | jetty | 9.4.11:20180605 |
| eclipse | jetty | 9.4.12:20180830 |
| eclipse | jetty | 9.4.12:rc0 |
| eclipse | jetty | 9.4.12:rc1 |
| eclipse | jetty | 9.4.12:rc2 |
| eclipse | jetty | 9.4.13:20181111 |
| eclipse | jetty | 9.4.14:20181114 |
| eclipse | jetty | 9.4.15:20190215 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| apache | activemq | 5.15.9 |
| apache | drill | 1.16.0 |
| oracle | flexcube_core_banking | 11.5.0 ≤ 𝑥 ≤ 11.7.0 |
| oracle | flexcube_core_banking | 5.2.0 |
| oracle | rest_data_services | 11.2.0.4 |
| oracle | rest_data_services | 12.1.0.2 |
| oracle | rest_data_services | 12.2.0.1 |
| oracle | retail_xstore_point_of_service | 7.1 |
| oracle | retail_xstore_point_of_service | 15.0 |
| oracle | retail_xstore_point_of_service | 16.0 |
| oracle | retail_xstore_point_of_service | 17.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| jetty |
| ||||||||||||||||||||||||||||||
| jetty8 |
| ||||||||||||||||||||||||||||||
| jetty9 |
|
References