CVE-2019-10246

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-10246

CGA ID

CGA-qhh8-pqqr-j7px

Severity

Unknown

Description

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

References

https://images.chainguard.dev/security/CGA-qhh8-pqqr-j7px
https://github.com/advisories/GHSA-r28m-g6j9-r2h5
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576
https://security.netapp.com/advisory/ntap-20190509-0003/
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2019-10246

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources