{"containers": {"cna": {"affected": [{"product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [{"status": "affected", "version": "9.2.27"}, {"status": "affected", "version": "9.3.26"}, {"status": "affected", "version": "9.4.16"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-213", "description": "CWE-213: Intentional Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-14T17:20:06", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "ID": "CVE-2019-10246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Jetty", "version": {"version_data": [{"version_affected": "=", "version_value": "9.2.27"}, {"version_affected": "=", "version_value": "9.3.26"}, {"version_affected": "=", "version_value": "9.4.16"}]}}]}, "vendor_name": "The Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-213: Intentional Information Exposure"}]}]}, "references": {"reference_data": [{"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"}, {"name": "https://security.netapp.com/advisory/ntap-20190509-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:19.655Z"}, "title": "CVE Program Container", "references": [{"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2019-10246", "datePublished": "2019-04-22T20:14:49", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:19.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:9.2.27:20190403:*:*:*:*:*:*", "matchCriteriaId": "B70DE29A-21EC-4D22-9E5F-F8E5BB5C6CF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.26:20190403:*:*:*:*:*:*", "matchCriteriaId": "88FC7601-A04D-4E66-ABA1-397509EFFCB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.16:20190411:*:*:*:*:*:*", "matchCriteriaId": "7DBD80AB-9248-4020-8950-0613D65C29D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*", "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "D5D73B53-9750-4844-A767-21F8A0CEE0B3", "versionStartIncluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storage_services_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "C27762B9-8042-429B-B714-3B3A17B2842A", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B", "versionStartIncluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "414F07E7-7D77-4A1B-B665-4B87F5DC65A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "FF852A4C-7818-408D-A46B-2F4EE1AB8895", "versionStartIncluding": "9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:9.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F64A01A-B1FA-4220-B1F8-AEAA5BB17F7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", "matchCriteriaId": "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EB1FC94-5100-496D-92DA-09294676F889", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3287751-9F54-4806-81D2-E28A42DF1407", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "40F194FC-4116-45C4-A5B4-B9822EAC3250", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3:*:*:*:*:*:*:*", "matchCriteriaId": "7DBED5A1-5D0A-40D6-ACF1-695F7FCA70FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EC0B307-B9D2-497B-81CF-B435ABFB1CFA", "versionEndIncluding": "11.7.0", "versionStartIncluding": "11.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEFE7E72-D419-4040-81AB-B4934C13909F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:unified_directory:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A5AE593-EAA2-4C0E-A005-EAAB0F8AFFEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:unified_directory:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAC21315-E951-495D-A52A-29CD051D8A9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories."}, {"lang": "es", "value": "En Eclipse Jetty versi\u00f3n 9.2.27, versi\u00f3n 9.3.26 y versi\u00f3n 9.4.16 , el servidor que es ejecutado en Windows es vulnerable a la exposici\u00f3n del nombre del directorio Base Resource totalmente calificado en Windows a un cliente remoto cuando est\u00e1 configurado para mostrar un contenido de listado de directorios (Listing of directory). Esta informaci\u00f3n revelada est\u00e1 restringida solo al contenido en los directorios de recursos base configurados"}], "id": "CVE-2019-10246", "lastModified": "2024-11-21T04:18:44.090", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-22T20:29:00.303", "references": [{"source": "emo@eclipse.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"source": "emo@eclipse.org", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"source": "emo@eclipse.org", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190509-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-213"}], "source": "emo@eclipse.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "jetty: Directory Listing on Windows reveals Resource Base path", "id": "2187703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187703"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "(CWE-200|CWE-213)", "details": ["In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.", "A flaw was found in Eclipse Jetty. This issue may lead to exposure of the fully qualified Base Resource directory name on Windows to a remote client when configured to show a listing of directory contents. By sending a specially-crafted request, a remote attacker could obtain sensitive information."], "name": "CVE-2019-10246", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "jetty", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2019-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10246\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10246\nhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=546576\nhttps://github.com/eclipse/jetty.project/issues/3549"], "statement": "This CVE only impacts users using Eclipse Jetty on Windows.", "threat_severity": "Low"}

{}