CVE-2019-10247
Severity
5.3 MEDIUM
EPSS
4.2%
top 11.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: Jan 15
Description
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it p…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 23 packages
Also affects: Debian Linux 10.0, 9.0
Patches
Vulnerability Details: 4
Vendor Advisories: 7
Oracle: Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Eclipse Jetty) — CVE-2019-10247, 2021-01-15
Oracle: Oracle Financial Services Applications Risk Matrix: Core (Eclipse Jetty) — CVE-2019-10247, 2020-10-15
Oracle: Oracle Communications Applications Risk Matrix: Platform (Eclipse Jetty) — CVE-2019-10247, 2020-07-15
Oracle: Oracle Communications Applications Risk Matrix: Core (Eclipse Jetty) — CVE-2019-10247, 2020-04-15
Oracle: Oracle Fusion Middleware Risk Matrix: Integrator Acquisition System (Eclipse Jetty) — CVE-2019-10247, 2020-01-15