We found results for “”
CVE-2019-10246
Good to know:
Date: April 22, 2019
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
Language: Java
Severity Score
Related Resources (13)
Severity Score
Weakness Type (CWE)
Information Leak / Disclosure
CWE-200Top Fix
Upgrade Version
Upgrade to version jetty-9.3.27.v20190418,jetty-9.4.17.v20190418,jetty-9.2.28.v20190418
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |