Vulnerability Database

CVE-2019-10246

In Eclipse Jetty versions 9.2.27, 9.3.26, and 9.4.16, a server running on Windows exposes the fully qualified Base Resource directory name to a remote client when it is configured to show a listing of directory contents. The information revealed is restricted to the content in the configured base resource directories.

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

| Software | From | Fixed in |
|---|---|---|
| eclipse / jetty | 9.2.27-20190403 | 9.2.27-20190403.x |
| eclipse / jetty | 9.3.26-20190403 | 9.3.26-20190403.x |
| eclipse / jetty | 9.4.16-20190411 | 9.4.16-20190411.x |
| netapp / oncommand_system_manager | 3.0 | 3.1.3.x |
| netapp / virtual_storage_console | 9.6 | 9.6.x |
| netapp / storage_replication_adapter_for_clustered_data_ontap | 9.6 | 9.6.x |
| netapp / vasa_provider_for_clustered_data_ontap | 9.6 | 9.6.x |
| oracle / retail_xstore_point_of_service | 15.0 | 15.0.x |
| oracle / flexcube_private_banking | 12.1.0 | 12.1.0.x |
| oracle / retail_xstore_point_of_service | 7.1 | 7.1.x |
| oracle / flexcube_private_banking | 12.0.0 | 12.0.0.x |
| oracle / flexcube_core_banking | 5.2.0 | 5.2.0.x |
| oracle / hospitality_guest_access | 4.2.0 | 4.2.0.x |
| oracle / hospitality_guest_access | 4.2.1 | 4.2.1.x |
| oracle / retail_xstore_point_of_service | 16.0 | 16.0.x |
| oracle / endeca_information_discovery_integrator | 3.2.0 | 3.2.0.x |
| oracle / enterprise_manager_base_platform | 13.3 | 13.3.x |
| oracle / enterprise_manager_base_platform | 13.2 | 13.2.x |
| oracle / data_integrator | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / unified_directory | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / unified_directory | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / communications_element_manager | 8.2.0 | 8.2.0.x |
| oracle / communications_element_manager | 8.1.1 | 8.1.1.x |
| oracle / retail_xstore_point_of_service | 17.0 | 17.0.x |
| oracle / communications_element_manager | 8.1.0 | 8.1.0.x |
| oracle / communications_element_manager | 8.0.0 | 8.0.0.x |
| oracle / rest_data_services | 12.2.0.1 | 12.2.0.1.x |
| oracle / rest_data_services | 12.1.0.2 | 12.1.0.2.x |
| oracle / rest_data_services | 11.2.0.4 | 11.2.0.4.x |
| oracle / rest_data_services | 18c | 18c.x |
| oracle / flexcube_core_banking | 11.5.0 | 11.7.0.x |
| oracle / communications_services_gatekeeper | 7.0 | 7.0.x |
| oracle / data_integrator | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / communications_session_report_manager | 8.1.1 | 8.1.1.x |
| oracle / communications_session_report_manager | 8.2.0 | 8.2.0.x |
| oracle / communications_session_route_manager | 8.1.1 | 8.1.1.x |
| oracle / communications_session_route_manager | 8.2.0 | 8.2.0.x |
| oracle / communications_analytics | 12.1.1 | 12.1.1.x |
| oracle / communications_session_route_manager | 8.0.0 | 8.0.0.x |
| oracle / communications_session_route_manager | 8.1.0 | 8.1.0.x |
| oracle / communications_session_report_manager | 8.0.0 | 8.0.0.x |
| oracle / communications_session_report_manager | 8.1.0 | 8.1.0.x |
| oracle / autovue | 21.0.2 | 21.0.2.x |
| oracle / communications_services_gatekeeper | 6.0 | 6.0.x |
| oracle / communications_services_gatekeeper | 6.1 | 6.1.x |
| org.eclipse.jetty / jetty-server | 9.2.0 | 9.2.28.v20190418 |
| org.eclipse.jetty / jetty-server | 9.3.0 | 9.3.27.v20190418 |
| org.eclipse.jetty / jetty-server | 9.4.0 | 9.4.17.v20190418 |