Information disclosure in Eclipse Jetty
CVE-2019-10247
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the outp…
EPSS: 0.058 (92.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Eclipse Jetty — versions 7.0.0, 7.0.1, 7.0.2
- Netapp Element
- Netapp Oncommand_system_manager
- Netapp Snapcenter
- Netapp Snap_creator_framework
- Netapp Snapmanager
- Netapp Storage_replication_adapter_for_clustered_data_ontap
- Netapp Storage_services_connector
- Netapp Vasa_provider_for_clustered_data_ontap
- Netapp Virtual_storage_console
Weakness classification (CWE)
Public proof-of-concept exploits
References
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (mailing-list, x_refsource_MLIST)
- emo@eclipse.org (Patch, Third Party Advisory, x_refsource_MISC)
- emo@eclipse.org (Patch, Third Party Advisory, x_refsource_MISC)
- emo@eclipse.org (Patch, Third Party Advisory, x_refsource_MISC)
- emo@eclipse.org (Patch, Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-10247?
- CVE-2019-10247 is a medium-severity vulnerability in Eclipse Jetty, classified under CWE-213. CVSS score: 5.3/10. Published 2019-04-22.
- How severe is CVE-2019-10247?
- Medium severity. CVSS v3 base score is 5.3 out of 10.
- Is CVE-2019-10247 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.