CVE-2019-10241

EPSS 25.44%
Published 22.04.2019 20:29:00
Last modified 21.11.2024 04:18:43
Source emo@eclipse.org
Teams watchlist Login
Open Login

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Affected products Warnungen 0 Metrics 3 CWE 1 References 18

Data is provided by the National Vulnerability Database (NVD)

Eclipse ≫ Jetty Version9.2.0 Update20140523

Eclipse ≫ Jetty Version9.2.0 Update20140526

Eclipse ≫ Jetty Version9.2.0 Updatemaintenance_0

Eclipse ≫ Jetty Version9.2.0 Updatemaintenance_1

Eclipse ≫ Jetty Version9.2.0 Updaterc0

Eclipse ≫ Jetty Version9.2.1 Update20140609

Eclipse ≫ Jetty Version9.2.2 Update20140723

Eclipse ≫ Jetty Version9.2.3 Update20140905

Eclipse ≫ Jetty Version9.2.4 Update20141103

Eclipse ≫ Jetty Version9.2.5 Update20141112

Eclipse ≫ Jetty Version9.2.6 Update20141203

Eclipse ≫ Jetty Version9.2.6 Update20141205

Eclipse ≫ Jetty Version9.2.7 Update20150116

Eclipse ≫ Jetty Version9.2.8 Update20150217

Eclipse ≫ Jetty Version9.2.9 Update20150224

Eclipse ≫ Jetty Version9.2.10 Update20150310

Eclipse ≫ Jetty Version9.2.11 Update20150528

Eclipse ≫ Jetty Version9.2.11 Update20150529

Eclipse ≫ Jetty Version9.2.11 Updatemaintenance_0

Eclipse ≫ Jetty Version9.2.12 Update20150709

Eclipse ≫ Jetty Version9.2.12 Updatemaintenance_0

Eclipse ≫ Jetty Version9.2.13 Update20150730

Eclipse ≫ Jetty Version9.2.14 Update20151106

Eclipse ≫ Jetty Version9.2.15 Update20160210

Eclipse ≫ Jetty Version9.2.16 Update20160407

Eclipse ≫ Jetty Version9.2.16 Update20160414

Eclipse ≫ Jetty Version9.2.17 Update20160517

Eclipse ≫ Jetty Version9.2.18 Update20160721

Eclipse ≫ Jetty Version9.2.19 Update20160908

Eclipse ≫ Jetty Version9.2.20 Update20161216

Eclipse ≫ Jetty Version9.2.21 Update20170120

Eclipse ≫ Jetty Version9.2.22 Update20170606

Eclipse ≫ Jetty Version9.2.23 Update20171218

Eclipse ≫ Jetty Version9.2.24 Update20180105

Eclipse ≫ Jetty Version9.2.25 Update20180606

Eclipse ≫ Jetty Version9.2.26 Update20180806

Eclipse ≫ Jetty Version9.3.0 Update20150601

Eclipse ≫ Jetty Version9.3.0 Update20150608

Eclipse ≫ Jetty Version9.3.0 Update20150612

Eclipse ≫ Jetty Version9.3.0 Updatemaintenance0

Eclipse ≫ Jetty Version9.3.0 Updatemaintenance1

Eclipse ≫ Jetty Version9.3.0 Updatemaintenance2

Eclipse ≫ Jetty Version9.3.0 Updaterc0

Eclipse ≫ Jetty Version9.3.0 Updaterc1

Eclipse ≫ Jetty Version9.3.1 Update20150714

Eclipse ≫ Jetty Version9.3.2 Update20150730

Eclipse ≫ Jetty Version9.3.3 Update20150825

Eclipse ≫ Jetty Version9.3.3 Update20150827

Eclipse ≫ Jetty Version9.3.4 Update20151005

Eclipse ≫ Jetty Version9.3.4 Update20151007

Eclipse ≫ Jetty Version9.3.4 Updaterc0

Eclipse ≫ Jetty Version9.3.4 Updaterc1

Eclipse ≫ Jetty Version9.3.5 Update20151012

Eclipse ≫ Jetty Version9.3.6 Update20151106

Eclipse ≫ Jetty Version9.3.7 Update20160115

Eclipse ≫ Jetty Version9.3.7 Updaterc0

Eclipse ≫ Jetty Version9.3.7 Updaterc1

Eclipse ≫ Jetty Version9.3.8 Update20160311

Eclipse ≫ Jetty Version9.3.8 Update20160314

Eclipse ≫ Jetty Version9.3.8 Updaterc0

Eclipse ≫ Jetty Version9.3.9 Update20160517

Eclipse ≫ Jetty Version9.3.9 Updatemaintenance_0

Eclipse ≫ Jetty Version9.3.9 Updatemaintenance_1

Eclipse ≫ Jetty Version9.3.10 Update20160621

Eclipse ≫ Jetty Version9.3.10 Updatemaintenance_0

Eclipse ≫ Jetty Version9.3.11 Update20160721

Eclipse ≫ Jetty Version9.3.11 Updatemaintenance_0

Eclipse ≫ Jetty Version9.3.12 Update20160915

Eclipse ≫ Jetty Version9.3.13 Update20161014

Eclipse ≫ Jetty Version9.3.13 Updatemaintenance_0

Eclipse ≫ Jetty Version9.3.14 Update20161028

Eclipse ≫ Jetty Version9.3.15 Update20161220

Eclipse ≫ Jetty Version9.3.16 Update20170119

Eclipse ≫ Jetty Version9.3.16 Update20170120

Eclipse ≫ Jetty Version9.3.17 Update20170317

Eclipse ≫ Jetty Version9.3.17 Updaterc0

Eclipse ≫ Jetty Version9.3.18 Update20170406

Eclipse ≫ Jetty Version9.3.19 Update20170502

Eclipse ≫ Jetty Version9.3.20 Update20170531

Eclipse ≫ Jetty Version9.3.21 Update20170918

Eclipse ≫ Jetty Version9.3.21 Updatemaintenance_0

Eclipse ≫ Jetty Version9.3.21 Updaterc0

Eclipse ≫ Jetty Version9.3.22 Update20171030

Eclipse ≫ Jetty Version9.3.23 Update20180228

Eclipse ≫ Jetty Version9.3.24 Update20180605

Eclipse ≫ Jetty Version9.3.25 Update20180904

Eclipse ≫ Jetty Version9.4.0 Update20161207

Eclipse ≫ Jetty Version9.4.0 Update20161208

Eclipse ≫ Jetty Version9.4.0 Update20180619

Eclipse ≫ Jetty Version9.4.0 Updatemaintenance_0

Eclipse ≫ Jetty Version9.4.0 Updatemaintenance_1

Eclipse ≫ Jetty Version9.4.0 Updaterc0

Eclipse ≫ Jetty Version9.4.0 Updaterc1

Eclipse ≫ Jetty Version9.4.0 Updaterc2

Eclipse ≫ Jetty Version9.4.0 Updaterc3

Eclipse ≫ Jetty Version9.4.1 Update20170120

Eclipse ≫ Jetty Version9.4.1 Update20180619

Eclipse ≫ Jetty Version9.4.2 Update20170220

Eclipse ≫ Jetty Version9.4.2 Update20180619

Eclipse ≫ Jetty Version9.4.3 Update20170317

Eclipse ≫ Jetty Version9.4.3 Update20180619

Eclipse ≫ Jetty Version9.4.4 Update20170410

Eclipse ≫ Jetty Version9.4.4 Update20170414

Eclipse ≫ Jetty Version9.4.4 Update20180619

Eclipse ≫ Jetty Version9.4.5 Update20170502

Eclipse ≫ Jetty Version9.4.5 Update20180619

Eclipse ≫ Jetty Version9.4.6 Update20170531

Eclipse ≫ Jetty Version9.4.6 Update20180619

Eclipse ≫ Jetty Version9.4.7 Update20170914

Eclipse ≫ Jetty Version9.4.7 Update20180619

Eclipse ≫ Jetty Version9.4.7 Updaterc0

Eclipse ≫ Jetty Version9.4.8 Update20171121

Eclipse ≫ Jetty Version9.4.8 Update20180619

Eclipse ≫ Jetty Version9.4.9 Update20180320

Eclipse ≫ Jetty Version9.4.10 Update20180503

Eclipse ≫ Jetty Version9.4.10 Updaterc0

Eclipse ≫ Jetty Version9.4.10 Updaterc1

Eclipse ≫ Jetty Version9.4.11 Update20180605

Eclipse ≫ Jetty Version9.4.12 Update20180830

Eclipse ≫ Jetty Version9.4.12 Updaterc0

Eclipse ≫ Jetty Version9.4.12 Updaterc1

Eclipse ≫ Jetty Version9.4.12 Updaterc2

Eclipse ≫ Jetty Version9.4.13 Update20181111

Eclipse ≫ Jetty Version9.4.14 Update20181114

Eclipse ≫ Jetty Version9.4.15 Update20190215

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Apache ≫ Activemq Version5.15.9

Apache ≫ Drill Version1.16.0

Oracle ≫ Flexcube Core Banking Version >= 11.5.0 <= 11.7.0

Oracle ≫ Flexcube Core Banking Version5.2.0

Oracle ≫ Rest Data Services Version11.2.0.4 SwEdition-

Oracle ≫ Rest Data Services Version12.1.0.2 SwEdition-

Oracle ≫ Rest Data Services Version12.2.0.1 SwEdition-

Oracle ≫ Rest Data Services Version18c SwEdition-

Oracle ≫ Retail Xstore Point Of Service Version7.1

Oracle ≫ Retail Xstore Point Of Service Version15.0

Oracle ≫ Retail Xstore Point Of Service Version16.0

Oracle ≫ Retail Xstore Point Of Service Version17.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	25.44%	0.96

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Patch

Third Party Advisory

https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E

https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E

https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html

Third Party Advisory