Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA286BD77B3C7FBE86C2323B3D9F433CB3B367EDDC062CD70A992ABBC521C41B7
HistoryDec 16, 2019 - 4:01 p.m.

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Rational Performance Tester

2019-12-1616:01:20
www.ibm.com
22

0.01 Low

EPSS

Percentile

84.0%

JSON

Summary

Eclipse Jetty contains vulnerabilities that may allow a remote attacker to obtain sensitive information, cause execution of scripts without their knowledge and experience denial of service attacks.

Vulnerability Details

CVEID: CVE-2019-10241 DESCRIPTION: Eclipse Jetty is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DefaultServlet and ResourceHandler. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160676 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-10247 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the DefaultHandler. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160610 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-10246 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw when configured for showing a Listing of directory contents. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160611&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

RPT versions 8.6, 8.7, 9.0, 9.1, 9.2, 9.5.

Remediation/Fixes

Upgrading to RPT version 10.0 is strongly recommended.

Product VRMF APAR Remediation/First Fix
RPT 9.5 None Download
<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfc/0/RPTRST_PSIRT16274_9500UpdateSite.zip&gt;
RPT 9.2.1.1 None Download
<https://download4.boulder.ibm.com/sar/CMA/RAA/08cfa/0/RPTRST_PSIRT16274_9211UpdateSite.zip&gt;
RPT 9.1.1.1 None Download
<https://download4.boulder.ibm.com/sar/CMA/RAA/08cf7/0/RPTRST_PSIRT16274_9111UpdateSite.zip&gt;
RPT 9.0 None Upgrade to version 10.0
RPT 8.7 None Upgrade to version 10.0
RPT 8.6 None Upgrade to version 10.0

Related

ibm 26
nessus 4
veracode 3
openvas 7
osv 8
prion 3
redhatcve 3
ubuntucve 3
github 3
debiancve 3
debian 2
cvelist 3
nvd 3
cve 3
symantec 2
f5 2
redhat 3
oracle 8
ibm
ibm
Security Bulletin: Multiple Eclipse Jetty Vulnerabilities Affect IBM Sterling Secure Proxy Summary
2020-07-24 22:19:08
Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)
2022-06-23 16:36:10
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis
2021-04-20 06:01:01
nessus
nessus
RHEL 7 : nutch (Unpatched Vulnerability)
2024-06-03 00:00:00
Debian DLA-2661-1 : jetty9 security update
2021-05-17 00:00:00
RHEL 6 : jetty (Unpatched Vulnerability)
2024-05-11 00:00:00
veracode
veracode
Information Disclosure
2019-04-23 02:38:49
Cross-site Scripting (XSS)
2019-04-23 03:03:46
Information Disclosure
2019-04-23 02:09:30
openvas
openvas
Eclipse Jetty Information Disclosure Vulnerability (CVE-2019-10246) - Windows
2019-04-25 00:00:00
Eclipse Jetty XSS Vulnerability (CVE-2019-10241) - Windows
2019-04-25 00:00:00
Eclipse Jetty Information Disclosure Vulnerability (CVE-2019-10247) - Windows
2019-04-25 00:00:00
osv
osv
CVE-2019-10246
2019-04-22 20:29:00
Information Exposure vulnerability in Eclipse Jetty
2019-04-23 16:07:18
CVE-2019-10241
2019-04-22 20:29:00
prion
prion
Design/Logic Flaw
2019-04-22 20:29:00
Design/Logic Flaw
2019-04-22 20:29:00
Design/Logic Flaw
2019-04-22 20:29:00
redhatcve
redhatcve
CVE-2019-10246
2023-04-18 13:31:06
CVE-2019-10247
2019-05-03 12:04:35
CVE-2019-10241
2019-05-03 10:22:41
ubuntucve
ubuntucve
CVE-2019-10246
2019-04-22 00:00:00
CVE-2019-10241
2019-04-22 00:00:00
CVE-2019-10247
2019-04-22 00:00:00
github
github
Information Exposure vulnerability in Eclipse Jetty
2019-04-23 16:07:18
Cross-site Scripting in Eclipse Jetty
2019-04-23 16:06:02
Installation information leak in Eclipse Jetty
2019-04-23 16:07:12
debiancve
debiancve
CVE-2019-10246
2019-04-22 20:29:00
CVE-2019-10247
2019-04-22 20:29:00
CVE-2019-10241
2019-04-22 20:29:00
debian
debian
[SECURITY] [DLA 2661-1] jetty9 security update
2021-05-14 13:28:53
[SECURITY] [DSA 4949-1] jetty9 security update
2021-08-04 21:52:09
cvelist
cvelist
CVE-2019-10246
2019-04-22 20:14:49
CVE-2019-10241
2019-04-22 20:14:49
CVE-2019-10247
2019-04-22 20:14:49
nvd
nvd
CVE-2019-10246
2019-04-22 20:29:00
CVE-2019-10241
2019-04-22 20:29:00
CVE-2019-10247
2019-04-22 20:29:00
cve
cve
CVE-2019-10246
2019-04-22 20:29:00
CVE-2019-10241
2019-04-22 20:29:00
CVE-2019-10247
2019-04-22 20:29:00
symantec
symantec
Eclipse Jetty CVE-2019-10241 Cross Site Scripting Vulnerability
2019-04-04 00:00:00
Eclipse Jetty CVE-2019-10247 Information Disclosure Vulnerability
2019-06-11 00:00:00
f5
f5
K01869532 : Eclipse Jetty vulnerability CVE-2019-10241
2020-12-14 00:00:00
K41412302 : Jetty vulnerability CVE-2019-10247
2020-12-01 00:00:00
redhat
redhat
(RHSA-2020:0922) Important: Red Hat AMQ Broker 7.6 release and security update
2020-03-23 08:05:45
(RHSA-2020:1445) Important: Red Hat AMQ Broker 7.4.3 release and security update
2020-04-14 12:57:06
(RHSA-2020:0983) Important: Red Hat Fuse 7.6.0 security update
2020-03-26 15:40:22
oracle
oracle
Oracle Critical Patch Update Advisory - October 2019
2020-01-22 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

0.01 Low

EPSS

Percentile

84.0%

JSON
Related for A286BD77B3C7FBE86C2323B3D9F433CB3B367EDDC062CD70A992ABBC521C41B7
ibm26nessus4veracode3openvas7osv8prion3redhatcve3ubuntucve3github3debiancve3debian2cvelist3nvd3cve3symantec2f52redhat3oracle8