{"containers": {"cna": {"affected": [{"product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [{"lessThanOrEqual": "9.2.26", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "9.3.25", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "9.4.15", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-05T11:06:23", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"}, {"name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"}, {"name": "DSA-4949", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4949"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-10241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Jetty", "version": {"version_data": [{"version_affected": "<=", "version_value": "9.2.26"}, {"version_affected": "<=", "version_value": "9.3.25"}, {"version_affected": "<=", "version_value": "9.4.15"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E"}, {"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190509-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"}, {"name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"}, {"name": "DSA-4949", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4949"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:19.587Z"}, "title": "CVE Program Container", "references": [{"name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E"}, {"name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E"}, {"name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"}, {"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"}, {"name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"}, {"name": "DSA-4949", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4949"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2019-10241", "datePublished": "2019-04-22T20:14:49", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:19.587Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*", "matchCriteriaId": "D3DBA476-4CBF-457E-B34B-38D363A61FF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*", "matchCriteriaId": "617652B0-AE6D-40F2-862F-22461469C44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "4741E336-4C6C-4ACA-A7DC-93ED7AF5D0A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "693C2BDC-B0BA-41C1-8417-A011356E299B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "EFDEBE0B-A00A-45B1-9696-EF15CE33D78E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*", "matchCriteriaId": "4B821618-500F-4D53-8074-52594B205920", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*", "matchCriteriaId": "468677A7-4F49-441A-B395-2E91A23DB315", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*", "matchCriteriaId": "7C6795DC-F74D-4FA5-8101-5EBA1F6C40B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*", "matchCriteriaId": "1608313D-051E-404A-8EA4-FA9AE85986C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*", "matchCriteriaId": "924C49E5-E895-4FFA-BFBF-FD35F1D387A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*", "matchCriteriaId": "85511393-A06D-49E1-A337-F907460202E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*", "matchCriteriaId": "171A1985-6507-4FF9-82CA-3A563DD6BB58", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*", "matchCriteriaId": "B808093F-84D9-47E8-A073-1ABE9876ECBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*", "matchCriteriaId": "1A9F7AC1-7749-4366-9A8D-8295E67F6F6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*", "matchCriteriaId": "9A77B21A-B792-406D-B595-A04F2072B845", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*", "matchCriteriaId": "AFE9FE53-313D-421D-829B-DC10CF445E77", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*", "matchCriteriaId": "647AF59D-9439-4CF3-B3FF-F9349DF2D87B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*", "matchCriteriaId": "C4469A39-4BA5-4F39-8F89-406ADDF71403", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "F0629B5B-D242-4835-B9DB-24C94844EE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*", "matchCriteriaId": "2E9D6731-E22A-4F17-BEB8-9F9993C54136", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "BD85DBCD-F62F-444F-B4D6-7462AC4E3CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*", "matchCriteriaId": "F545A49C-86D9-47EF-8B01-855B63B8412E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*", "matchCriteriaId": "15F53024-1B27-4F74-BCAE-5160D5C97AAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*", "matchCriteriaId": "1E6B55AB-3432-4D3B-8EFB-5E9B95D2CAC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*", "matchCriteriaId": "E6A7426D-8CE9-4A74-9C91-CBC9E2A71D1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*", "matchCriteriaId": "3E1A8929-6122-47D4-A166-26CC4D93E47F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*", "matchCriteriaId": "1D612C4F-5728-4BC8-B546-70F40857A244", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*", "matchCriteriaId": "A77A4E1D-F90A-4F60-BA5D-94D32C9A24E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*", "matchCriteriaId": "7F158635-FC7A-4FCF-8FCD-92749DEABEF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*", "matchCriteriaId": "70D77072-129D-411A-B05A-40E33A9B6234", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*", "matchCriteriaId": "8A43FFDF-7C66-4474-AD85-A5E55C8AE00D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*", "matchCriteriaId": "54CB12A0-45F2-458F-91AE-EE78DD5B0A0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*", "matchCriteriaId": "8C145C68-565E-4276-A3C6-F19F0B1A586F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*", "matchCriteriaId": "AE5E071A-E847-4BEB-A72D-5DAF66016642", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*", "matchCriteriaId": "BC93C60A-8D2E-44F9-B5E6-BCCEC8239B67", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*", "matchCriteriaId": "0A86E93C-7941-4105-83C5-9BD51683AA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "matchCriteriaId": "7E548698-6582-4598-A832-B64483B8D2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "matchCriteriaId": "14AA2E29-F543-4B80-B8DD-F76187E63A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "matchCriteriaId": "9B74BDCF-AF80-4679-8915-7D01E90BF4D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "matchCriteriaId": "580A8553-56D1-41F3-A8A9-5698D3FA7F12", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "matchCriteriaId": "C2784485-FE0D-454D-B4EC-9F91EE396AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "matchCriteriaId": "C0AD7F68-96BD-442F-BC36-091D19BC1AC9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "34269139-FB46-4EF8-BE3A-7B130F25B5E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "77FD0118-11CC-41AB-9B12-030B1F6F8EBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "matchCriteriaId": "A4D8788C-C718-479B-B441-B3C40F261CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "matchCriteriaId": "EFB22D92-F41A-4C35-8FD6-1A57E9A25132", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "matchCriteriaId": "58368FE2-71A7-470B-A918-E5DB97EE5176", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "matchCriteriaId": "7D6CC58E-E40C-4D7A-B0EC-CDB5831FDA78", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "matchCriteriaId": "612EB189-F829-4426-90CE-EBD75F91E652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "matchCriteriaId": "51C4F42E-99CE-4D4B-89B2-E43EE85FDE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "matchCriteriaId": "2D040A9F-5FE2-48DB-BD7D-83DDB4CE8B8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "AD6F208D-C7B2-4C3C-9FF7-6BF6618D2DCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "matchCriteriaId": "56472E25-401A-411D-9A13-3EAB65025DFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "matchCriteriaId": "525AC31D-F470-4E09-88D8-261FFEA88C50", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "matchCriteriaId": "A5B32089-B410-4D62-8751-8341CC696F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "327C5D1A-2CB7-4F0C-B0CB-4D8CBB068D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "E70AB03E-BE50-43B1-B6BA-BFEFFEE73D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "matchCriteriaId": "9781FB3C-386A-4CB8-B330-B707E8F56F55", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "matchCriteriaId": "880FD5EC-D796-4232-B587-A99F80FDB68E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "matchCriteriaId": "DEB8AEEB-77E4-41E7-A097-2A3DE29DF89B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "matchCriteriaId": "D52DFC06-3B44-4675-B7BA-18535B1499C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "83292226-E45E-4B13-963B-36FE18815939", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "1A5D6F9A-3326-4C74-932D-DDE4AD900D1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "matchCriteriaId": "FC9739B3-070C-4D1D-BD44-E16DC23D5F3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "E6C07F9D-27C0-4A56-97EE-D0392CFEEB96", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "matchCriteriaId": "0B466BB1-D312-4F4A-9A96-1F88620A970D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "A0279CFA-12F5-4D73-9136-3EC240F14107", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "matchCriteriaId": "47C060B9-CEED-4D24-BC47-FE1AF604A72C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "matchCriteriaId": "AF745A33-0FEF-47E6-B549-8349C6D63B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "39C85CB4-BC76-4E2D-B7FF-72EAF85DA40F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "matchCriteriaId": "363C327A-B383-4D07-9442-55254D3284E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "matchCriteriaId": "BDCF78F5-AC04-4F98-A57B-0C60C184589A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "matchCriteriaId": "B655ED4D-1A48-414B-AD5B-AC08644CE7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "matchCriteriaId": "516E3314-C528-4DEF-B673-829094612C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "matchCriteriaId": "384F3A83-DDD5-4DC2-8257-F3A14BFD79E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "matchCriteriaId": "2688CA0E-2A36-4BAA-88CA-CA00DDA276EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "matchCriteriaId": "6482DF67-9178-409D-A522-68ACF3D08208", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "matchCriteriaId": "FEC43E92-04B8-4F90-82C8-6DD2255B2652", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "matchCriteriaId": "3BEF4B04-1014-400E-8EAA-EA3DFE968D41", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "matchCriteriaId": "1C6FD95B-FDFA-412D-BCF7-A17EA87DFA0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "C1547494-C1A0-4755-8C0F-53F4084A1ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "matchCriteriaId": "0220E37B-EEBC-4641-AD1C-245DC249F51B", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "matchCriteriaId": "CCCC8914-C758-4312-8AA2-B466D5B6C00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "matchCriteriaId": "31A2B1C1-A27E-4479-B2AB-B2B37BC3CCD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "matchCriteriaId": "E449FD93-CD5D-4896-9CE1-DB42BB83A071", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*", "matchCriteriaId": "271F17A5-5808-4EFB-BE1B-47A38FEA1013", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "matchCriteriaId": "ED6F20D8-2C63-47BD-886B-0684EEF89FF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "matchCriteriaId": "B12BEFDE-9FB2-42E9-9638-F459FE274935", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "matchCriteriaId": "3B755E3B-A128-436E-8EE7-98C7F9194D34", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "matchCriteriaId": "B8029B2F-D88D-4BB3-9BD2-54EE034A0C18", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "matchCriteriaId": "9CBDC30D-02D8-4DD2-A0B7-50BCCBAC8A6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C2560BAF-E379-477A-BF68-C836543920C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8BD9164B-4AB4-450C-B3D9-1F14C15ABE67", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A59914E6-D3B8-4289-BE31-0AD2EDC81E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "430CDEEE-28CE-4712-AF95-6790775C4028", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "matchCriteriaId": "A748119F-A5A1-4428-9BC0-1A8BE09C975C", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "matchCriteriaId": "0BC5B393-9BD4-4C26-95D8-50A81CBFF0C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "matchCriteriaId": "09CE1987-E5E5-4F54-BC6E-245F4F02EA60", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "matchCriteriaId": "E3D958FD-DD4D-4732-BE86-7E254E1AAE0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "matchCriteriaId": "A266E261-7C7D-4C1D-BE6D-81FC5D85886D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "matchCriteriaId": "35251CD8-A1E6-445C-8D5F-9ABC61D84B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "matchCriteriaId": "51115706-5A47-4ABF-AC19-274FFEC6C055", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "matchCriteriaId": "A0F44C93-7916-49FC-93C5-C215D6C279BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "matchCriteriaId": "E2F9C9C5-0196-4B28-BB68-344E6DBE189A", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "matchCriteriaId": "AFCB17E7-B40B-49B9-9353-EE06FC9C08E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "matchCriteriaId": "9C917FAC-2489-4B2D-89A6-CF9E47B6983D", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "matchCriteriaId": "16872138-6AF5-418F-998F-1220DA602AE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "matchCriteriaId": "3211336E-0EE6-4676-AEFA-A778176C0ECE", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "matchCriteriaId": "387ABF04-9630-4016-B627-E35547970637", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "matchCriteriaId": "8346B11B-55C9-4043-AF27-138CFCC64850", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "matchCriteriaId": "031909CF-1F8B-494A-9A0A-E6B88ECD9E2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "matchCriteriaId": "965AEAF6-AC84-4745-9707-BBB515C80FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "matchCriteriaId": "502FFF92-072B-451A-ADA8-5FCA59362C47", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "matchCriteriaId": "59E72F2E-48C8-410C-BC9D-732F6E22BA27", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "matchCriteriaId": "0DA38E7D-AB43-4384-A78E-820B46093345", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "matchCriteriaId": "94C62E25-9929-46E0-8712-2D84DB9811ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BCC2C7E-C8AA-48B2-9F14-5CD8E824B5AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "matchCriteriaId": "57480EC4-3D0F-4AD6-BC9C-162702C58336", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*", "matchCriteriaId": "B403CD58-F0F3-4A1E-BBAC-E33B44AD4746", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "matchCriteriaId": "BC51FEF3-CF6C-4C67-B40C-825DA7B7AC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "492760AF-E6C3-490B-B3E9-F354BAFA9B7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "788DD7CA-B34B-4036-86BB-80A9361BE4C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*", "matchCriteriaId": "0634647A-003A-4AE2-8A1E-1220BB949EA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*", "matchCriteriaId": "C077D8E8-BF51-4365-8067-AF88C60BFFC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*", "matchCriteriaId": "38250370-0B8F-4C3A-8309-19EFE912C7A2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "70B11FEF-4CBF-4483-A5BD-CDA5AFAE52AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "235DC57F-22B8-4219-9499-7D005D90A654", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EC0B307-B9D2-497B-81CF-B435ABFB1CFA", "versionEndIncluding": "11.7.0", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEFE7E72-D419-4040-81AB-B4934C13909F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."}, {"lang": "es", "value": "Eclipse Jetty versiones 9.2.26 y anteriores, 9.3.25 y anteriores, 9.3.25 y anteriores, y 9.4.15 y anteriores. El servidor es vulnerable a un Cross-Site Scripting (XSS) si un cliente remoto emplea una URL especialmente formada contra el DefaultServlet o ResourceHandler que est\u00e9 configurado para mostrar un listado del contenido de los directorios."}], "id": "CVE-2019-10241", "lastModified": "2023-11-07T03:02:27.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-22T20:29:00.243", "references": [{"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32%40%3Cjira.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1%40%3Cdev.kafka.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"}, {"source": "emo@eclipse.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4949"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "emo@eclipse.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "emo@eclipse.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0922", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "jetty", "product_name": "Red Hat AMQ", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:1445", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "jetty", "product_name": "Red Hat AMQ 7.4.3", "release_date": "2020-04-14T00:00:00Z"}, {"advisory": "RHSA-2020:0983", "cpe": "cpe:/a:redhat:jboss_fuse:7", "product_name": "Red Hat Fuse 7.6.0", "release_date": "2020-03-26T00:00:00Z"}], "bugzilla": {"description": "jetty: using specially formatted URL against DefaultServlet or ResourceHandler leads to XSS conditions", "id": "1705924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705924"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."], "name": "CVE-2019-10241", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "jetty-eclipse", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "jetty", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "jetty", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "jetty", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "impact": "low", "package_name": "nutch", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-java-common-jetty", "product_name": "Red Hat Software Collections"}], "public_date": "2019-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10241\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10241"], "statement": "This issue affects the versions of jetty which is embedded in the nutch package as shipped with Red Hat Satellite 5. The jetty server is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low in the context of Red Hat Satellite 5. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "jetty 9.2.27, jetty 9.3.26, jetty 9.4.16"}