First published: Mon Apr 22 2019
Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
Credit: emo@eclipse.org
Affected Software | Affected Version | How to fix |
---|---|---|
Eclipse Jetty | =9.2.27-20190403 | |
Eclipse Jetty | =9.3.26-20190403 | |
Eclipse Jetty | =9.4.16-20190411 | |
Microsoft Windows | | |
NetApp OnCommand System Manager | >=3.0<=3.1.3 | |
NetApp Snap Creator Framework | | |
Netapp Snapcenter | | |
Netapp Snapmanager Oracle | | |
Netapp Snapmanager Sap | | |
Netapp Storage Replication Adapter For Clustered Data Ontap Vmware Vsphere | >=9.6 | |
Netapp Storage Replication Adapter For Clustered Data Ontap | =9.6 | |
Netapp Storage Services Connector | | |
Netapp Vasa Provider For Clustered Data Ontap | >=9.6 | |
Netapp Vasa Provider For Clustered Data Ontap | | |
Netapp Virtual Storage Console Vmware Vsphere | >=9.6 | |
Netapp Virtual Storage Console | =9.6 | |
Netapp Element Vcenter Server | | |
Oracle AutoVue | =21.0.2 | |
Oracle Communications Analytics | =12.1.1 | |
Oracle Communications Element Manager | =8.0.0 | |
Oracle Communications Element Manager | =8.1.0 | |
Oracle Communications Element Manager | =8.1.1 | |
Oracle Communications Element Manager | =8.2.0 | |
Oracle Communications Services Gatekeeper | =6.0 | |
Oracle Communications Services Gatekeeper | =6.1 | |
Oracle Communications Services Gatekeeper | =7.0 | |
Oracle Communications Session Report Manager | =8.0.0 | |
Oracle Communications Session Report Manager | =8.1.0 | |
Oracle Communications Session Report Manager | =8.1.1 | |
Oracle Communications Session Report Manager | =8.2.0 | |
Oracle Communications Session Route Manager | =8.0.0 | |
Oracle Communications Session Route Manager | =8.1.0 | |
Oracle Communications Session Route Manager | =8.1.1 | |
Oracle Communications Session Route Manager | =8.2.0 | |
Oracle Data Integrator | =12.2.1.3.0 | |
Oracle Data Integrator | =12.2.1.4.0 | |
Oracle Endeca Information Discovery Integrator | =3.2.0 | |
Oracle Enterprise Manager Base Platform | =13.2 | |
Oracle Enterprise Manager Base Platform | =13.3 | |
Oracle FLEXCUBE Core Banking | >=11.5.0<=11.7.0 | |
Oracle FLEXCUBE Core Banking | =5.2.0 | |
Oracle FLEXCUBE Private Banking | =12.0.0 | |
Oracle FLEXCUBE Private Banking | =12.1.0 | |
Oracle Hospitality Guest Access | =4.2.0 | |
Oracle Hospitality Guest Access | =4.2.1 | |
Oracle REST Data Services | =11.2.0.4 | |
Oracle REST Data Services | =12.1.0.2 | |
Oracle REST Data Services | =12.2.0.1 | |
Oracle REST Data Services | =18c | |
Oracle Retail Xstore Point of Service | =7.1 | |
Oracle Retail Xstore Point of Service | =15.0 | |
Oracle Retail Xstore Point of Service | =16.0 | |
Oracle Retail Xstore Point of Service | =17.0 | |
Oracle Unified Directory | =12.2.1.3.0 | |
Oracle Unified Directory | =12.2.1.4.0 | |
The vulnerability ID for this Eclipse Jetty vulnerability is CVE-2019-10246.
The severity level of CVE-2019-10246 is medium (5.3).
Eclipse Jetty versions 9.2.27, 9.3.26, and 9.4.16 are affected by CVE-2019-10246.
A remote attacker can exploit this vulnerability in Eclipse Jetty to obtain sensitive information: the fully qualified Base Resource directory name on Windows is exposed to a remote client when the server is configured to show a listing of directory contents.
No, Windows servers are not vulnerable to CVE-2019-10246.