CWE: 200, 213

CVE-2019-10247: Infoleak

First published: Thu Apr 18 2019

Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.

Credit: emo@eclipse.org

Affected Software | Affected Version | How to fix
debian/jetty9
9.4.16-0+deb10u1
9.4.50-4+deb10u1
9.4.39-3+deb11u2
9.4.50-4+deb11u1
9.4.50-4+deb12u2
9.4.53-1
redhat/jetty | <9.2.28 | 9.2.28
redhat/jetty | <9.3.27 | 9.3.27
redhat/jetty | <9.4.16 | 9.4.16
Mortbay Jetty=7.0.0-20091005
Mortbay Jetty=7.0.0-maintenance_0
Mortbay Jetty=7.0.0-maintenance_1
Mortbay Jetty=7.0.0-maintenance_2
Mortbay Jetty=7.0.0-maintenance_3
Mortbay Jetty=7.0.0-maintenance_4
Mortbay Jetty=7.0.0-rc0
Mortbay Jetty=7.0.0-rc1
Mortbay Jetty=7.0.0-rc3
Mortbay Jetty=7.0.0-rc4
Mortbay Jetty=7.0.0-rc5
Mortbay Jetty=7.0.0-rc6
Mortbay Jetty=7.0.1-20091125
Mortbay Jetty=7.0.2-20100331
Mortbay Jetty=7.0.2-rc0
Mortbay Jetty=7.1.0-20100505
Mortbay Jetty=7.1.0-rc0
Mortbay Jetty=7.1.0-rc1
Mortbay Jetty=7.1.1-20100517
Mortbay Jetty=7.1.2-20100523
Mortbay Jetty=7.1.3-20100526
Mortbay Jetty=7.1.4-20100610
Mortbay Jetty=7.1.5-20100705
Mortbay Jetty=7.1.6-20100715
Mortbay Jetty=7.2.0-20101020
Mortbay Jetty=7.2.0-rc0
Mortbay Jetty=7.2.1-20101111
Mortbay Jetty=7.2.2-20101205
Mortbay Jetty=7.3.0-20110203
Mortbay Jetty=7.3.1-20110307
Mortbay Jetty=7.4.0-20110414
Mortbay Jetty=7.4.0-rc0
Mortbay Jetty=7.4.1-20110513
Mortbay Jetty=7.4.2-20110526
Mortbay Jetty=7.4.3-20110630
Mortbay Jetty=7.4.3-20110701
Mortbay Jetty=7.4.4-20110707
Mortbay Jetty=7.4.5-20110725
Mortbay Jetty=7.5.0-20110901
Mortbay Jetty=7.5.0-rc0
Mortbay Jetty=7.5.0-rc1
Mortbay Jetty=7.5.0-rc2
Mortbay Jetty=7.5.1-20110908
Mortbay Jetty=7.5.2-20111006
Mortbay Jetty=7.5.3-20111011
Mortbay Jetty=7.5.4-20111024
Mortbay Jetty=7.6.0-20120125
Mortbay Jetty=7.6.0-20120127
Mortbay Jetty=7.6.0-rc0
Mortbay Jetty=7.6.0-rc1
Mortbay Jetty=7.6.0-rc2
Mortbay Jetty=7.6.0-rc3
Mortbay Jetty=7.6.0-rc4
Mortbay Jetty=7.6.0-rc5
Mortbay Jetty=7.6.1-20120215
Mortbay Jetty=7.6.2-20120302
Mortbay Jetty=7.6.2-20120308
Mortbay Jetty=7.6.3-20120413
Mortbay Jetty=7.6.3-20120416
Mortbay Jetty=7.6.4-20120522
Mortbay Jetty=7.6.4-20120524
Mortbay Jetty=7.6.5-20120713
Mortbay Jetty=7.6.5-20120716
Mortbay Jetty=7.6.6-20120903
Mortbay Jetty=7.6.7-20120910
Mortbay Jetty=7.6.8-20121106
Mortbay Jetty=7.6.9-20130131
Mortbay Jetty=7.6.10-20130312
Mortbay Jetty=7.6.11-20130520
Mortbay Jetty=7.6.11-20130725
Mortbay Jetty=7.6.12-20130726
Mortbay Jetty=7.6.13-20130910
Mortbay Jetty=7.6.13-20130916
Mortbay Jetty=7.6.14-20131031
Mortbay Jetty=7.6.15-20140411
Mortbay Jetty=7.6.16-20140903
Mortbay Jetty=7.6.17-20150415
Mortbay Jetty=7.6.18-20150929
Mortbay Jetty=7.6.19-20160209
Mortbay Jetty=7.6.20-20160902
Mortbay Jetty=7.6.21-20160908
Mortbay Jetty=8.0.0-20110901
Mortbay Jetty=8.0.0-maintenance_0
Mortbay Jetty=8.0.0-maintenance_1
Mortbay Jetty=8.0.0-maintenance_2
Mortbay Jetty=8.0.0-maintenance_3
Mortbay Jetty=8.0.0-rc0
Mortbay Jetty=8.0.1-20110908
Mortbay Jetty=8.0.2-20111006
Mortbay Jetty=8.0.3-20111011
Mortbay Jetty=8.0.4-20111024
Mortbay Jetty=8.1.0-20120127
Mortbay Jetty=8.1.0-rc0
Mortbay Jetty=8.1.0-rc1
Mortbay Jetty=8.1.0-rc2
Mortbay Jetty=8.1.0-rc4
Mortbay Jetty=8.1.0-rc5
Mortbay Jetty=8.1.1-20120215
Mortbay Jetty=8.1.2-20120302
Mortbay Jetty=8.1.2-20120308
Mortbay Jetty=8.1.3-20120416
Mortbay Jetty=8.1.4-20120524
Mortbay Jetty=8.1.5-20120713
Mortbay Jetty=8.1.5-20120716
Mortbay Jetty=8.1.6-20120903
Mortbay Jetty=8.1.7-20120910
Mortbay Jetty=8.1.8-20121106
Mortbay Jetty=8.1.9-20130131
Mortbay Jetty=8.1.10-20130312
Mortbay Jetty=8.1.11-20130520
Mortbay Jetty=8.1.12-20130725
Mortbay Jetty=8.1.12-20130726
Mortbay Jetty=8.1.13-20130910
Mortbay Jetty=8.1.13-20130916
Mortbay Jetty=8.1.14-20131031
Mortbay Jetty=8.1.15-20140411
Mortbay Jetty=8.1.16-20140903
Mortbay Jetty=8.1.17-20150415
Mortbay Jetty=8.1.18-20150929
Mortbay Jetty=8.1.19-20160209
Mortbay Jetty=8.1.20-20160902
Mortbay Jetty=8.1.21-20160908
Mortbay Jetty=8.1.22-20160922
Mortbay Jetty=8.2.0-20160908
Mortbay Jetty=9.0.0-20130308
Mortbay Jetty=9.0.0-m5
Mortbay Jetty=9.0.0-maintenance_0
Mortbay Jetty=9.0.0-maintenance_1
Mortbay Jetty=9.0.0-maintenance_2
Mortbay Jetty=9.0.0-maintenance_3
Mortbay Jetty=9.0.0-maintenance_4
Mortbay Jetty=9.0.0-maintenance_5
Mortbay Jetty=9.0.0-rc0
Mortbay Jetty=9.0.0-rc1
Mortbay Jetty=9.0.0-rc2
Mortbay Jetty=9.0.0-rc3
Mortbay Jetty=9.0.1-20130408
Mortbay Jetty=9.0.2-20130417
Mortbay Jetty=9.0.2-20140415
Mortbay Jetty=9.0.3-20130506
Mortbay Jetty=9.0.4-20130621
Mortbay Jetty=9.0.4-20130625
Mortbay Jetty=9.0.5-20130813
Mortbay Jetty=9.0.5-20130815
Mortbay Jetty=9.0.6-20130919
Mortbay Jetty=9.0.6-20130930
Mortbay Jetty=9.0.7-20131031
Mortbay Jetty=9.0.7-20131107
Mortbay Jetty=9.1.0-20131115
Mortbay Jetty=9.1.0-maintenance_0
Mortbay Jetty=9.1.0-rc0
Mortbay Jetty=9.1.0-rc1
Mortbay Jetty=9.1.0-rc2
Mortbay Jetty=9.1.1-20140108
Mortbay Jetty=9.1.2-20140210
Mortbay Jetty=9.1.3-20140225
Mortbay Jetty=9.1.4-20140401
Mortbay Jetty=9.1.5-20140505
Mortbay Jetty=9.1.6-20151106
Mortbay Jetty=9.1.6-20160112
Mortbay Jetty=9.2.0-20140523
Mortbay Jetty=9.2.0-20140526
Mortbay Jetty=9.2.0-maintenance_0
Mortbay Jetty=9.2.0-maintenance_1
Mortbay Jetty=9.2.0-rc0
Mortbay Jetty=9.2.1-20140609
Mortbay Jetty=9.2.2-20140723
Mortbay Jetty=9.2.3-20140905
Mortbay Jetty=9.2.4-20141103
Mortbay Jetty=9.2.5-20141112
Mortbay Jetty=9.2.6-20141203
Mortbay Jetty=9.2.6-20141205
Mortbay Jetty=9.2.7-20150116
Mortbay Jetty=9.2.8-20150217
Mortbay Jetty=9.2.9-20150224
Mortbay Jetty=9.2.10-20150310
Mortbay Jetty=9.2.11-20150528
Mortbay Jetty=9.2.11-20150529
Mortbay Jetty=9.2.11-maintenance_0
Mortbay Jetty=9.2.12-20150709
Mortbay Jetty=9.2.12-maintenance_0
Mortbay Jetty=9.2.13-20150730
Mortbay Jetty=9.2.14-20151106
Mortbay Jetty=9.2.15-20160210
Mortbay Jetty=9.2.16-20160407
Mortbay Jetty=9.2.16-20160414
Mortbay Jetty=9.2.17-20160517
Mortbay Jetty=9.2.18-20160721
Mortbay Jetty=9.2.19-20160908
Mortbay Jetty=9.2.20-20161216
Mortbay Jetty=9.2.21-20170120
Mortbay Jetty=9.2.22-20170606
Mortbay Jetty=9.2.23-20171218
Mortbay Jetty=9.2.24-20180105
Mortbay Jetty=9.2.25-20180606
Mortbay Jetty=9.2.26-20180806
Mortbay Jetty=9.2.27-20190403
Mortbay Jetty=9.3.0-20150601
Mortbay Jetty=9.3.0-20150608
Mortbay Jetty=9.3.0-20150612
Mortbay Jetty=9.3.0-maintenance0
Mortbay Jetty=9.3.0-maintenance1
Mortbay Jetty=9.3.0-maintenance2
Mortbay Jetty=9.3.0-rc0
Mortbay Jetty=9.3.0-rc1
Mortbay Jetty=9.3.1-20150714
Mortbay Jetty=9.3.2-20150730
Mortbay Jetty=9.3.3-20150825
Mortbay Jetty=9.3.3-20150827
Mortbay Jetty=9.3.4-20151005
Mortbay Jetty=9.3.4-20151007
Mortbay Jetty=9.3.4-rc0
Mortbay Jetty=9.3.4-rc1
Mortbay Jetty=9.3.5-20151012
Mortbay Jetty=9.3.6-20151106
Mortbay Jetty=9.3.7-20160115
Mortbay Jetty=9.3.7-rc0
Mortbay Jetty=9.3.7-rc1
Mortbay Jetty=9.3.8-20160311
Mortbay Jetty=9.3.8-20160314
Mortbay Jetty=9.3.8-rc0
Mortbay Jetty=9.3.9-20160517
Mortbay Jetty=9.3.9-maintenance_0
Mortbay Jetty=9.3.9-maintenance_1
Mortbay Jetty=9.3.10-20160621
Mortbay Jetty=9.3.10-maintenance_0
Mortbay Jetty=9.3.11-20160721
Mortbay Jetty=9.3.11-maintenance_0
Mortbay Jetty=9.3.12-20160915
Mortbay Jetty=9.3.13-20161014
Mortbay Jetty=9.3.13-maintenance_0
Mortbay Jetty=9.3.14-20161028
Mortbay Jetty=9.3.15-20161220
Mortbay Jetty=9.3.16-20170119
Mortbay Jetty=9.3.16-20170120
Mortbay Jetty=9.3.17-20170317
Mortbay Jetty=9.3.17-rc0
Mortbay Jetty=9.3.18-20170406
Mortbay Jetty=9.3.19-20170502
Mortbay Jetty=9.3.20-20170531
Mortbay Jetty=9.3.21-20170918
Mortbay Jetty=9.3.21-maintenance_0
Mortbay Jetty=9.3.21-rc0
Mortbay Jetty=9.3.22-20171030
Mortbay Jetty=9.3.23-20180228
Mortbay Jetty=9.3.24-20180605
Mortbay Jetty=9.3.25-20180904
Mortbay Jetty=9.3.26-20190403
Mortbay Jetty=9.4.0-20161207
Mortbay Jetty=9.4.0-20161208
Mortbay Jetty=9.4.0-20180619
Mortbay Jetty=9.4.0-maintenance_0
Mortbay Jetty=9.4.0-maintenance_1
Mortbay Jetty=9.4.0-rc0
Mortbay Jetty=9.4.0-rc1
Mortbay Jetty=9.4.0-rc2
Mortbay Jetty=9.4.0-rc3
Mortbay Jetty=9.4.1-20170120
Mortbay Jetty=9.4.1-20180619
Mortbay Jetty=9.4.2-20170220
Mortbay Jetty=9.4.2-20180619
Mortbay Jetty=9.4.3-20170317
Mortbay Jetty=9.4.3-20180619
Mortbay Jetty=9.4.4-20170410
Mortbay Jetty=9.4.4-20170414
Mortbay Jetty=9.4.4-20180619
Mortbay Jetty=9.4.5-20170502
Mortbay Jetty=9.4.5-20180619
Mortbay Jetty=9.4.6-20170531
Mortbay Jetty=9.4.6-20180619
Mortbay Jetty=9.4.7-20170914
Mortbay Jetty=9.4.7-20180619
Mortbay Jetty=9.4.7-rc0
Mortbay Jetty=9.4.8-20171121
Mortbay Jetty=9.4.8-20180619
Mortbay Jetty=9.4.9-20180320
Mortbay Jetty=9.4.10-20180503
Mortbay Jetty=9.4.10-rc0
Mortbay Jetty=9.4.10-rc1
Mortbay Jetty=9.4.11-20180605
Mortbay Jetty=9.4.12-20180830
Mortbay Jetty=9.4.12-rc0
Mortbay Jetty=9.4.12-rc1
Mortbay Jetty=9.4.12-rc2
Mortbay Jetty=9.4.13-20181111
Mortbay Jetty=9.4.14-20181114
Mortbay Jetty=9.4.15-20190215
NetApp System Manager>=3.0<=3.1.3
NetApp Snap Creator Framework
NetApp SnapCenter
NetApp SnapManager for Oracle
NetApp SnapManager for SAP
NetApp Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere>=9.6
NetApp Storage Services Connector
NetApp VASA Provider>=9.6
NetApp Virtual Storage Console for VMware vSphere>=9.6
NetApp Element Plug-in for vCenter Server
Oracle AutoVue=21.0.2
Oracle Communications Analytics=12.1.1
Oracle Communications Element Manager=8.0.0
Oracle Communications Element Manager=8.1.0
Oracle Communications Element Manager=8.1.1
Oracle Communications Element Manager=8.2.0
GNU Gatekeeper=6.0
GNU Gatekeeper=6.1
GNU Gatekeeper=7.0
Oracle Communications Session Report Manager=8.0.0
Oracle Communications Session Report Manager=8.1.0
Oracle Communications Session Report Manager=8.1.1
Oracle Communications Session Report Manager=8.2.0
Oracle Communications Session Route Manager=8.0.0
Oracle Communications Session Route Manager=8.1.0
Oracle Communications Session Route Manager=8.1.1
Oracle Communications Session Route Manager=8.2.0
Oracle Data Integrator=12.2.1.3.0
Oracle Data Integrator=12.2.1.4.0
Oracle Endeca Information Discovery Integrator=3.2.0
Oracle Enterprise Manager=13.2
Oracle Enterprise Manager=13.3
Oracle FLEXCUBE Core Banking>=11.5.0<=11.7.0
Oracle FLEXCUBE Core Banking=5.2.0
Oracle FLEXCUBE Private Banking=12.0.0
Oracle FLEXCUBE Private Banking=12.1.0
Oracle Fusion Middleware Platform=12.2.1.3.0
Oracle Fusion Middleware Platform=12.2.1.4.0
Oracle Hospitality Guest Access=4.2.0
Oracle Hospitality Guest Access=4.2.1
Oracle Retail Xstore Office Cloud Service=7.1
Oracle Retail Xstore Office Cloud Service=15.0
Oracle Retail Xstore Office Cloud Service=16.0
Oracle Retail Xstore Office Cloud Service=17.0
Oracle Unified Directory=12.2.1.3.0
Oracle Unified Directory=12.2.1.4.0
Debian Linux=9.0
Debian Linux=10.0
IBM Global Data Engine<=3.0.0.2

Frequently Asked Questions

  • What is the severity of CVE-2019-10247?

    The severity of CVE-2019-10247 is medium with a CVSS score of 5.3.

  • How does CVE-2019-10247 affect Eclipse Jetty?

    CVE-2019-10247 affects Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older.

  • What is the vulnerability description of CVE-2019-10247?

    In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the request URI, allowing an attacker to obtain sensitive information.

  • How can I fix CVE-2019-10247?

    To fix CVE-2019-10247, upgrade to Jetty version 9.2.28 or later, 9.3.27 or later, or 9.4.17 or later.

  • Are there any references for CVE-2019-10247?

    Yes, here are some references for CVE-2019-10247: [CVE Details](https://www.cve.org/CVERecord?id=CVE-2019-10247), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2019-10247), [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1705993), [Red Hat Security Advisory](https://access.redhat.com/errata/RHSA-2020:0922)
