CVE-2019-10247

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the requested path. The default server behavior on jetty-distribution and jetty-home will include a DefaultHandler at the end of the Handler tree, which is responsible for reporting this 404 error; it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
eclipse | CNA | --- | ---
CVE | ADP | --- | ---

EPSS Score Percentile: 90%

Vendor | Product | Version
netapp | oncommand_system_manager | 3.0 ≤ 𝑥 ≤ 3.1.3
netapp | snap_creator_framework | -
netapp | snapcenter | -
netapp | snapmanager | -
netapp | snapmanager | -
netapp | storage_replication_adapter_for_clustered_data_ontap | 9.6 ≤
netapp | storage_services_connector | -
netapp | vasa_provider_for_clustered_data_ontap | 9.6 ≤
netapp | virtual_storage_console | 9.6 ≤
netapp | element | -
oracle | autovue | 21.0.2
oracle | communications_analytics | 12.1.1
oracle | communications_element_manager | 8.0.0
oracle | communications_element_manager | 8.1.0
oracle | communications_element_manager | 8.1.1
oracle | communications_element_manager | 8.2.0
oracle | communications_services_gatekeeper | 6.0
oracle | communications_services_gatekeeper | 6.1
oracle | communications_services_gatekeeper | 7.0
oracle | communications_session_report_manager | 8.0.0
oracle | communications_session_report_manager | 8.1.0
oracle | communications_session_report_manager | 8.1.1
oracle | communications_session_report_manager | 8.2.0
oracle | communications_session_route_manager | 8.0.0
oracle | communications_session_route_manager | 8.1.0
oracle | communications_session_route_manager | 8.1.1
oracle | communications_session_route_manager | 8.2.0
oracle | data_integrator | 12.2.1.3.0
oracle | data_integrator | 12.2.1.4.0
oracle | endeca_information_discovery_integrator | 3.2.0
oracle | enterprise_manager_base_platform | 13.2
oracle | enterprise_manager_base_platform | 13.3
oracle | flexcube_core_banking | 11.5.0 ≤ 𝑥 ≤ 11.7.0
oracle | flexcube_core_banking | 5.2.0
oracle | flexcube_private_banking | 12.0.0
oracle | flexcube_private_banking | 12.1.0
oracle | fmw_platform | 12.2.1.3.0
oracle | fmw_platform | 12.2.1.4.0
oracle | hospitality_guest_access | 4.2.0
oracle | hospitality_guest_access | 4.2.1
oracle | retail_xstore_point_of_service | 7.1
oracle | retail_xstore_point_of_service | 15.0
oracle | retail_xstore_point_of_service | 16.0
oracle | retail_xstore_point_of_service | 17.0
oracle | unified_directory | 12.2.1.3.0
oracle | unified_directory | 12.2.1.4.0
debian | debian_linux | 9.0
debian | debian_linux | 10.0

𝑥 = Vulnerable software versions

Debian Releases

Debian Product | Codename | Version | Status
jetty9 | bullseye (security) | 9.4.50-4+deb11u2 | fixed
jetty9 | bullseye | 9.4.50-4+deb11u2 | fixed
jetty9 | jessie | | no-dsa
jetty9 | bookworm | 9.4.50-4+deb12u3 | fixed
jetty9 | bookworm (security) | 9.4.50-4+deb12u3 | fixed
jetty9 | sid | 9.4.56-1 | fixed
jetty9 | trixie | 9.4.56-1 | fixed

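Ubuntu Releases

Ubuntu Product | Codename | Status
jetty | noble | dne
jetty | mantic | dne
jetty | lunar | dne
jetty | kinetic | dne
jetty | jammy | dne
jetty | impish | dne
jetty | hirsute | dne
jetty | groovy | dne
jetty | focal | dne
jetty | eoan | dne
jetty | disco | dne
jetty | cosmic | dne
jetty | bionic | dne
jetty | xenial | needed
jetty | trusty | needed
jetty8 | noble | dne
jetty8 | mantic | dne
jetty8 | lunar | dne
jetty8 | kinetic | dne
jetty8 | jammy | dne
jetty8 | impish | dne
jetty8 | hirsute | dne
jetty8 | groovy | dne
jetty8 | focal | dne
jetty8 | eoan | dne
jetty8 | disco | dne
jetty8 | cosmic | dne
jetty8 | bionic | dne
jetty8 | xenial | needed
jetty8 | trusty | needed
jetty9 | noble | needed
jetty9 | mantic | ignored
jetty9 | lunar | ignored
jetty9 | kinetic | ignored
jetty9 | jammy | needed
jetty9 | impish | ignored
jetty9 | hirsute | ignored
jetty9 | groovy | ignored
jetty9 | focal | needed
jetty9 | eoan | ignored
jetty9 | disco | ignored
jetty9 | cosmic | ignored
jetty9 | bionic | needed
jetty9 | xenial | needed
jetty9 | trusty | dne
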
References