CVE-2019-10246

2019-04-2220:29:00

Google

osv.dev

5.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.1%

JSON

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

CPENameOperatorVersion
jetty.projecteqjetty-9.4.37.v20210219
jetty.projecteqjetty-7.6.2.v20120302
jetty.projecteqjetty-8.1.4.v20120522
jetty.projecteqjetty-9.2.8.v20150217
jetty.projecteqjetty-7.6.4.v20120524
jetty.projecteqjetty-9.3.7.RC0
jetty.projecteqjetty-9.2.16.v20160414
jetty.projecteqjetty-11.0.4
jetty.projecteqjetty-7.6.9.v20130131
jetty.projecteqjetty-9.3.0.M0

Name	Operator	Version
jetty.project	eq	jetty-9.4.37.v20210219
jetty.project	eq	jetty-7.6.2.v20120302
jetty.project	eq	jetty-8.1.4.v20120522
jetty.project	eq	jetty-9.2.8.v20150217
jetty.project	eq	jetty-7.6.4.v20120524
jetty.project	eq	jetty-9.3.7.RC0
jetty.project	eq	jetty-9.2.16.v20160414
jetty.project	eq	jetty-11.0.4
jetty.project	eq	jetty-7.6.9.v20130131
jetty.project	eq	jetty-9.3.0.M0