CVE-2019-10241
published 2019-04-22CVE-2019-10241: In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
Affected
85 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | activemq | — | — |
| apache | drill | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | jetty9 | < jetty9 9.4.18-2 (bookworm) | jetty9 9.4.18-2 (bookworm) |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
| eclipse | jetty | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM