Attacker Value
Unknown
CVE-2019-10247
CVE-2019-10247
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.3 Medium
Impact Score:
1.4
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None
General Information
Vendors
- debian,
- eclipse,
- netapp,
- oracle
Products
- autovue 21.0.2,
- communications analytics 12.1.1,
- communications element manager 8.0.0,
- communications element manager 8.1.0,
- communications element manager 8.1.1,
- communications element manager 8.2.0,
- communications services gatekeeper 6.0,
- communications services gatekeeper 6.1,
- communications services gatekeeper 7.0,
- communications session report manager 8.0.0,
- communications session report manager 8.1.0,
- communications session report manager 8.1.1,
- communications session report manager 8.2.0,
- communications session route manager 8.0.0,
- communications session route manager 8.1.0,
- communications session route manager 8.1.1,
- communications session route manager 8.2.0,
- data integrator 12.2.1.3.0,
- data integrator 12.2.1.4.0,
- debian linux 10.0,
- debian linux 9.0,
- element -,
- endeca information discovery integrator 3.2.0,
- enterprise manager base platform 13.2,
- enterprise manager base platform 13.3,
- flexcube core banking,
- flexcube core banking 5.2.0,
- flexcube private banking 12.0.0,
- flexcube private banking 12.1.0,
- fmw platform 12.2.1.3.0,
- fmw platform 12.2.1.4.0,
- hospitality guest access 4.2.0,
- hospitality guest access 4.2.1,
- jetty 7.0.0,
- jetty 7.0.1,
- jetty 7.0.2,
- jetty 7.1.0,
- jetty 7.1.1,
- jetty 7.1.2,
- jetty 7.1.3,
- jetty 7.1.4,
- jetty 7.1.5,
- jetty 7.1.6,
- jetty 7.2.0,
- jetty 7.2.1,
- jetty 7.2.2,
- jetty 7.3.0,
- jetty 7.3.1,
- jetty 7.4.0,
- jetty 7.4.1,
- jetty 7.4.2,
- jetty 7.4.3,
- jetty 7.4.4,
- jetty 7.4.5,
- jetty 7.5.0,
- jetty 7.5.1,
- jetty 7.5.2,
- jetty 7.5.3,
- jetty 7.5.4,
- jetty 7.6.0,
- jetty 7.6.1,
- jetty 7.6.10,
- jetty 7.6.11,
- jetty 7.6.12,
- jetty 7.6.13,
- jetty 7.6.14,
- jetty 7.6.15,
- jetty 7.6.16,
- jetty 7.6.17,
- jetty 7.6.18,
- jetty 7.6.19,
- jetty 7.6.2,
- jetty 7.6.20,
- jetty 7.6.21,
- jetty 7.6.3,
- jetty 7.6.4,
- jetty 7.6.5,
- jetty 7.6.6,
- jetty 7.6.7,
- jetty 7.6.8,
- jetty 7.6.9,
- jetty 8.0.0,
- jetty 8.0.1,
- jetty 8.0.2,
- jetty 8.0.3,
- jetty 8.0.4,
- jetty 8.1.0,
- jetty 8.1.1,
- jetty 8.1.10,
- jetty 8.1.11,
- jetty 8.1.12,
- jetty 8.1.13,
- jetty 8.1.14,
- jetty 8.1.15,
- jetty 8.1.16,
- jetty 8.1.17,
- jetty 8.1.18,
- jetty 8.1.19,
- jetty 8.1.2,
- jetty 8.1.20,
- jetty 8.1.21,
- jetty 8.1.22,
- jetty 8.1.3,
- jetty 8.1.4,
- jetty 8.1.5,
- jetty 8.1.6,
- jetty 8.1.7,
- jetty 8.1.8,
- jetty 8.1.9,
- jetty 8.2.0,
- jetty 9.0.0,
- jetty 9.0.1,
- jetty 9.0.2,
- jetty 9.0.3,
- jetty 9.0.4,
- jetty 9.0.5,
- jetty 9.0.6,
- jetty 9.0.7,
- jetty 9.1.0,
- jetty 9.1.1,
- jetty 9.1.2,
- jetty 9.1.3,
- jetty 9.1.4,
- jetty 9.1.5,
- jetty 9.1.6,
- jetty 9.2.0,
- jetty 9.2.1,
- jetty 9.2.10,
- jetty 9.2.11,
- jetty 9.2.12,
- jetty 9.2.13,
- jetty 9.2.14,
- jetty 9.2.15,
- jetty 9.2.16,
- jetty 9.2.17,
- jetty 9.2.18,
- jetty 9.2.19,
- jetty 9.2.2,
- jetty 9.2.20,
- jetty 9.2.21,
- jetty 9.2.22,
- jetty 9.2.23,
- jetty 9.2.24,
- jetty 9.2.25,
- jetty 9.2.26,
- jetty 9.2.27,
- jetty 9.2.3,
- jetty 9.2.4,
- jetty 9.2.5,
- jetty 9.2.6,
- jetty 9.2.7,
- jetty 9.2.8,
- jetty 9.2.9,
- jetty 9.3.0,
- jetty 9.3.1,
- jetty 9.3.10,
- jetty 9.3.11,
- jetty 9.3.12,
- jetty 9.3.13,
- jetty 9.3.14,
- jetty 9.3.15,
- jetty 9.3.16,
- jetty 9.3.17,
- jetty 9.3.18,
- jetty 9.3.19,
- jetty 9.3.2,
- jetty 9.3.20,
- jetty 9.3.21,
- jetty 9.3.22,
- jetty 9.3.23,
- jetty 9.3.24,
- jetty 9.3.25,
- jetty 9.3.26,
- jetty 9.3.3,
- jetty 9.3.4,
- jetty 9.3.5,
- jetty 9.3.6,
- jetty 9.3.7,
- jetty 9.3.8,
- jetty 9.3.9,
- jetty 9.4.0,
- jetty 9.4.1,
- jetty 9.4.10,
- jetty 9.4.11,
- jetty 9.4.12,
- jetty 9.4.13,
- jetty 9.4.14,
- jetty 9.4.15,
- jetty 9.4.2,
- jetty 9.4.3,
- jetty 9.4.4,
- jetty 9.4.5,
- jetty 9.4.6,
- jetty 9.4.7,
- jetty 9.4.8,
- jetty 9.4.9,
- oncommand system manager,
- retail xstore point of service 15.0,
- retail xstore point of service 16.0,
- retail xstore point of service 17.0,
- retail xstore point of service 7.1,
- snap creator framework -,
- snapcenter -,
- snapmanager -,
- storage replication adapter for clustered data ontap,
- storage services connector -,
- unified directory 12.2.1.3.0,
- unified directory 12.2.1.4.0,
- vasa provider for clustered data ontap,
- virtual storage console
References
Advisory
Miscellaneous
