Versio.io

CVE-2019-10241

Common vulnerabilities & exposures (CVE)

Published at: 22-04-2019 10:29
Last modified: 22-04-2022 10:06
Total changes: 4

Description

In Eclipse Jetty versions 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to show a listing of directory contents.

Common Vulnerability Scoring System (CVSS)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Base score: 6.1
Exploitability score: 2.8
Impact score: 2.7

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
 

Verification logic

OR
OR
vendor=eclipse AND product=jetty AND version=9.2.6 AND update=20141205
vendor=eclipse AND product=jetty AND version=9.2.7 AND update=20150116
vendor=eclipse AND product=jetty AND version=9.2.8 AND update=20150217
vendor=eclipse AND product=jetty AND version=9.2.9 AND update=20150224
vendor=eclipse AND product=jetty AND version=9.2.19 AND update=20160908
vendor=eclipse AND product=jetty AND version=9.2.20 AND update=20161216
vendor=eclipse AND product=jetty AND version=9.2.21 AND update=20170120
vendor=eclipse AND product=jetty AND version=9.2.22 AND update=20170606
vendor=eclipse AND product=jetty AND version=9.3.2 AND update=20150730
vendor=eclipse AND product=jetty AND version=9.3.3 AND update=20150825
vendor=eclipse AND product=jetty AND version=9.3.3 AND update=20150827
vendor=eclipse AND product=jetty AND version=9.3.4 AND update=20151005
vendor=eclipse AND product=jetty AND version=9.3.9 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.3.9 AND update=maintenance_1
vendor=eclipse AND product=jetty AND version=9.3.10 AND update=20160621
vendor=eclipse AND product=jetty AND version=9.3.10 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.3.11 AND update=20160721
vendor=eclipse AND product=jetty AND version=9.3.20 AND update=20170531
vendor=eclipse AND product=jetty AND version=9.3.21 AND update=20170918
vendor=eclipse AND product=jetty AND version=9.3.21 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.3.21 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.4.1 AND update=20170120
vendor=eclipse AND product=jetty AND version=9.4.1 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.2 AND update=20170220
vendor=eclipse AND product=jetty AND version=9.4.2 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.8 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.9 AND update=20180320
vendor=eclipse AND product=jetty AND version=9.4.10 AND update=20180503
vendor=eclipse AND product=jetty AND version=9.4.10 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.2.0 AND update=maintenance_1
vendor=eclipse AND product=jetty AND version=9.2.0 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.2.1 AND update=20140609
vendor=eclipse AND product=jetty AND version=9.2.2 AND update=20140723
vendor=eclipse AND product=jetty AND version=9.2.12 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.2.13 AND update=20150730
vendor=eclipse AND product=jetty AND version=9.2.14 AND update=20151106
vendor=eclipse AND product=jetty AND version=9.2.15 AND update=20160210
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=20150601
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=20150608
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=20150612
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=maintenance2
vendor=eclipse AND product=jetty AND version=9.3.6 AND update=20151106
vendor=eclipse AND product=jetty AND version=9.3.7 AND update=20160115
vendor=eclipse AND product=jetty AND version=9.3.7 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.3.7 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.3.14 AND update=20161028
vendor=eclipse AND product=jetty AND version=9.3.15 AND update=20161220
vendor=eclipse AND product=jetty AND version=9.3.16 AND update=20170119
vendor=eclipse AND product=jetty AND version=9.3.16 AND update=20170120
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=20161207
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=20161208
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=maintenance_1
vendor=eclipse AND product=jetty AND version=9.4.4 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.5 AND update=20170502
vendor=eclipse AND product=jetty AND version=9.4.5 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.6 AND update=20170531
vendor=eclipse AND product=jetty AND version=9.4.12 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.4.12 AND update=rc2
vendor=eclipse AND product=jetty AND version=9.4.13 AND update=20181111
vendor=eclipse AND product=jetty AND version=9.4.14 AND update=20181114
vendor=eclipse AND product=jetty AND version=9.2.0 AND update=20140526
vendor=eclipse AND product=jetty AND version=9.2.4 AND update=20141103
vendor=eclipse AND product=jetty AND version=9.2.6 AND update=20141203
vendor=eclipse AND product=jetty AND version=9.2.10 AND update=20150310
vendor=eclipse AND product=jetty AND version=9.2.11 AND update=20150529
vendor=eclipse AND product=jetty AND version=9.2.12 AND update=20150709
vendor=eclipse AND product=jetty AND version=9.2.16 AND update=20160407
vendor=eclipse AND product=jetty AND version=9.2.17 AND update=20160517
vendor=eclipse AND product=jetty AND version=9.2.24 AND update=20180105
vendor=eclipse AND product=jetty AND version=9.2.26 AND update=20180806
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=maintenance0
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.3.1 AND update=20150714
vendor=eclipse AND product=jetty AND version=9.3.4 AND update=20151007
vendor=eclipse AND product=jetty AND version=9.3.4 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.3.8 AND update=20160314
vendor=eclipse AND product=jetty AND version=9.3.9 AND update=20160517
vendor=eclipse AND product=jetty AND version=9.3.12 AND update=20160915
vendor=eclipse AND product=jetty AND version=9.3.13 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.3.17 AND update=20170317
vendor=eclipse AND product=jetty AND version=9.3.18 AND update=20170406
vendor=eclipse AND product=jetty AND version=9.3.23 AND update=20180228
vendor=eclipse AND product=jetty AND version=9.3.25 AND update=20180904
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=rc3
vendor=eclipse AND product=jetty AND version=9.4.3 AND update=20170317
vendor=eclipse AND product=jetty AND version=9.4.4 AND update=20170410
vendor=eclipse AND product=jetty AND version=9.4.7 AND update=20170914
vendor=eclipse AND product=jetty AND version=9.4.7 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.4.11 AND update=20180605
vendor=eclipse AND product=jetty AND version=9.4.12 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.4.15 AND update=20190215
vendor=eclipse AND product=jetty AND version=9.2.0 AND update=20140523
vendor=eclipse AND product=jetty AND version=9.2.0 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.2.3 AND update=20140905
vendor=eclipse AND product=jetty AND version=9.2.5 AND update=20141112
vendor=eclipse AND product=jetty AND version=9.2.11 AND update=20150528
vendor=eclipse AND product=jetty AND version=9.2.11 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.2.16 AND update=20160414
vendor=eclipse AND product=jetty AND version=9.2.18 AND update=20160721
vendor=eclipse AND product=jetty AND version=9.2.23 AND update=20171218
vendor=eclipse AND product=jetty AND version=9.2.25 AND update=20180606
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=maintenance1
vendor=eclipse AND product=jetty AND version=9.3.0 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.3.4 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.3.5 AND update=20151012
vendor=eclipse AND product=jetty AND version=9.3.8 AND update=20160311
vendor=eclipse AND product=jetty AND version=9.3.8 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.3.11 AND update=maintenance_0
vendor=eclipse AND product=jetty AND version=9.3.13 AND update=20161014
vendor=eclipse AND product=jetty AND version=9.3.17 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.3.19 AND update=20170502
vendor=eclipse AND product=jetty AND version=9.3.22 AND update=20171030
vendor=eclipse AND product=jetty AND version=9.3.24 AND update=20180605
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=rc0
vendor=eclipse AND product=jetty AND version=9.4.0 AND update=rc2
vendor=eclipse AND product=jetty AND version=9.4.3 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.4 AND update=20170414
vendor=eclipse AND product=jetty AND version=9.4.6 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.7 AND update=20180619
vendor=eclipse AND product=jetty AND version=9.4.8 AND update=20171121
vendor=eclipse AND product=jetty AND version=9.4.10 AND update=rc1
vendor=eclipse AND product=jetty AND version=9.4.12 AND update=20180830
OR
vendor=Debian AND product=debian_linux AND version=9.0
vendor=Debian AND product=debian_linux AND version=10.0
OR
vendor=apache AND product=activemq AND version=5.15.9
vendor=apache AND product=drill AND version=1.16.0
OR
vendor=oracle AND product=flexcube_core_banking AND version=5.2.0
vendor=oracle AND product=flexcube_core_banking AND versionEndIncluding=11.7.0 AND versionStartIncluding=11.5.0
vendor=oracle AND product=rest_data_services AND version=11.2.0.4 AND software_edition=-
vendor=oracle AND product=rest_data_services AND version=12.1.0.2 AND software_edition=-
vendor=oracle AND product=rest_data_services AND version=12.2.0.1 AND software_edition=-
vendor=oracle AND product=rest_data_services AND version=18c AND software_edition=-
vendor=oracle AND product=retail_xstore_point_of_service AND version=7.1
vendor=oracle AND product=retail_xstore_point_of_service AND version=15.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=16.0
vendor=oracle AND product=retail_xstore_point_of_service AND version=17.0