PT-2019-3889 · Eclipse · Eclipse Jetty

Published: 2019-04-18 · Updated: 2021-06-14 · CVE-2019-10246

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Eclipse Jetty versions 9.2.27, 9.3.26, and 9.4.16

Description

On Windows, Eclipse Jetty exposes the fully qualified Base Resource directory name to a remote client when the server is configured to show a listing of directory contents. This information disclosure is restricted to the content in the configured base resource directories.

Recommendations

For Eclipse Jetty version 9.2.27, consider disabling the directory listing feature to prevent exposure of sensitive information. For Eclipse Jetty version 9.3.26, restrict access to the base resource directories to minimize the risk of exploitation. For Eclipse Jetty version 9.4.16, avoid configuring the server to show directory contents until a fix is available.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

BDU:2019-04282
CVE-2019-10246
GHSA-R28M-G6J9-R2H5

Affected products

Eclipse Jetty