CVE-2019-10241

In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

CVSS v3.0 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121	Issue Tracking Vendor Advisory
https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0003/	Third Party Advisory
https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E	Mailing List Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html	Mailing List Third Party Advisory
https://www.debian.org/security/2021/dsa-4949	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:eclipse:jetty:9.2.6:20141205::::::
	cpe:2.3:a:eclipse:jetty:9.2.7:20150116::::::
	cpe:2.3:a:eclipse:jetty:9.2.8:20150217::::::
	cpe:2.3:a:eclipse:jetty:9.2.9:20150224::::::
	cpe:2.3:a:eclipse:jetty:9.2.19:20160908::::::
	cpe:2.3:a:eclipse:jetty:9.2.20:20161216::::::
	cpe:2.3:a:eclipse:jetty:9.2.21:20170120::::::
	cpe:2.3:a:eclipse:jetty:9.2.22:20170606::::::
	cpe:2.3:a:eclipse:jetty:9.3.2:20150730::::::
	cpe:2.3:a:eclipse:jetty:9.3.3:20150825::::::
	cpe:2.3:a:eclipse:jetty:9.3.3:20150827::::::
	cpe:2.3:a:eclipse:jetty:9.3.4:20151005::::::
	cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0::::::
	cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1::::::
	cpe:2.3:a:eclipse:jetty:9.3.10:20160621::::::
	cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0::::::
	cpe:2.3:a:eclipse:jetty:9.3.11:20160721::::::
	cpe:2.3:a:eclipse:jetty:9.3.20:20170531::::::
	cpe:2.3:a:eclipse:jetty:9.3.21:20170918::::::
	cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0::::::
	cpe:2.3:a:eclipse:jetty:9.3.21:rc0::::::
	cpe:2.3:a:eclipse:jetty:9.4.1:20170120::::::
	cpe:2.3:a:eclipse:jetty:9.4.1:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.2:20170220::::::
	cpe:2.3:a:eclipse:jetty:9.4.2:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.8:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.9:20180320::::::
	cpe:2.3:a:eclipse:jetty:9.4.10:20180503::::::
	cpe:2.3:a:eclipse:jetty:9.4.10:rc0::::::
	cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1::::::
	cpe:2.3:a:eclipse:jetty:9.2.0:rc0::::::
	cpe:2.3:a:eclipse:jetty:9.2.1:20140609::::::
	cpe:2.3:a:eclipse:jetty:9.2.2:20140723::::::
	cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0::::::
	cpe:2.3:a:eclipse:jetty:9.2.13:20150730::::::
	cpe:2.3:a:eclipse:jetty:9.2.14:20151106::::::
	cpe:2.3:a:eclipse:jetty:9.2.15:20160210::::::
	cpe:2.3:a:eclipse:jetty:9.3.0:20150601::::::
	cpe:2.3:a:eclipse:jetty:9.3.0:20150608::::::
	cpe:2.3:a:eclipse:jetty:9.3.0:20150612::::::
	cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2::::::
	cpe:2.3:a:eclipse:jetty:9.3.6:20151106::::::
	cpe:2.3:a:eclipse:jetty:9.3.7:20160115::::::
	cpe:2.3:a:eclipse:jetty:9.3.7:rc0::::::
	cpe:2.3:a:eclipse:jetty:9.3.7:rc1::::::
	cpe:2.3:a:eclipse:jetty:9.3.14:20161028::::::
	cpe:2.3:a:eclipse:jetty:9.3.15:20161220::::::
	cpe:2.3:a:eclipse:jetty:9.3.16:20170119::::::
	cpe:2.3:a:eclipse:jetty:9.3.16:20170120::::::
	cpe:2.3:a:eclipse:jetty:9.4.0:20161207::::::
	cpe:2.3:a:eclipse:jetty:9.4.0:20161208::::::
	cpe:2.3:a:eclipse:jetty:9.4.0:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0::::::
	cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1::::::
	cpe:2.3:a:eclipse:jetty:9.4.4:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.5:20170502::::::
	cpe:2.3:a:eclipse:jetty:9.4.5:20180619::::::
	cpe:2.3:a:eclipse:jetty:9.4.6:20170531::::::
	cpe:2.3:a:eclipse:jetty:9.4.12:rc1::::::
	cpe:2.3:a:eclipse:jetty:9.4.12:rc2::::::
	cpe:2.3:a:eclipse:jetty:9.4.13:20181111::::::
	cpe:2.3:a:eclipse:jetty:9.4.14:20181114::::::
	cpe:2.3:a:eclipse:jetty:9.2.0:20140526::::::
	cpe:2.3:a:eclipse:jetty:9.2.4:20141103::::::
cpe:2.3:a:eclipse:jetty:9.2.6:20141203::::::
cpe:2.3:a:eclipse:jetty:9.2.10:20150310::::::
cpe:2.3:a:eclipse:jetty:9.2.11:20150529::::::
cpe:2.3:a:eclipse:jetty:9.2.12:20150709::::::
cpe:2.3:a:eclipse:jetty:9.2.16:20160407::::::
cpe:2.3:a:eclipse:jetty:9.2.17:20160517::::::
cpe:2.3:a:eclipse:jetty:9.2.24:20180105::::::
cpe:2.3:a:eclipse:jetty:9.2.26:20180806::::::
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0::::::
cpe:2.3:a:eclipse:jetty:9.3.0:rc0::::::
cpe:2.3:a:eclipse:jetty:9.3.1:20150714::::::
cpe:2.3:a:eclipse:jetty:9.3.4:20151007::::::
cpe:2.3:a:eclipse:jetty:9.3.4:rc1::::::
cpe:2.3:a:eclipse:jetty:9.3.8:20160314::::::
cpe:2.3:a:eclipse:jetty:9.3.9:20160517::::::
cpe:2.3:a:eclipse:jetty:9.3.12:20160915::::::
cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0::::::
cpe:2.3:a:eclipse:jetty:9.3.17:20170317::::::
cpe:2.3:a:eclipse:jetty:9.3.18:20170406::::::
cpe:2.3:a:eclipse:jetty:9.3.23:20180228::::::
cpe:2.3:a:eclipse:jetty:9.3.25:20180904::::::
cpe:2.3:a:eclipse:jetty:9.4.0:rc1::::::
cpe:2.3:a:eclipse:jetty:9.4.0:rc3::::::
cpe:2.3:a:eclipse:jetty:9.4.3:20170317::::::
cpe:2.3:a:eclipse:jetty:9.4.4:20170410::::::
cpe:2.3:a:eclipse:jetty:9.4.7:20170914::::::
cpe:2.3:a:eclipse:jetty:9.4.7:rc0::::::
cpe:2.3:a:eclipse:jetty:9.4.11:20180605::::::
cpe:2.3:a:eclipse:jetty:9.4.12:rc0::::::
cpe:2.3:a:eclipse:jetty:9.4.15:20190215::::::
cpe:2.3:a:eclipse:jetty:9.2.0:20140523::::::
cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0::::::
cpe:2.3:a:eclipse:jetty:9.2.3:20140905::::::
cpe:2.3:a:eclipse:jetty:9.2.5:20141112::::::
cpe:2.3:a:eclipse:jetty:9.2.11:20150528::::::
cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0::::::
cpe:2.3:a:eclipse:jetty:9.2.16:20160414::::::
cpe:2.3:a:eclipse:jetty:9.2.18:20160721::::::
cpe:2.3:a:eclipse:jetty:9.2.23:20171218::::::
cpe:2.3:a:eclipse:jetty:9.2.25:20180606::::::
cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1::::::
cpe:2.3:a:eclipse:jetty:9.3.0:rc1::::::
cpe:2.3:a:eclipse:jetty:9.3.4:rc0::::::
cpe:2.3:a:eclipse:jetty:9.3.5:20151012::::::
cpe:2.3:a:eclipse:jetty:9.3.8:20160311::::::
cpe:2.3:a:eclipse:jetty:9.3.8:rc0::::::
cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0::::::
cpe:2.3:a:eclipse:jetty:9.3.13:20161014::::::
cpe:2.3:a:eclipse:jetty:9.3.17:rc0::::::
cpe:2.3:a:eclipse:jetty:9.3.19:20170502::::::
cpe:2.3:a:eclipse:jetty:9.3.22:20171030::::::
cpe:2.3:a:eclipse:jetty:9.3.24:20180605::::::
cpe:2.3:a:eclipse:jetty:9.4.0:rc0::::::
cpe:2.3:a:eclipse:jetty:9.4.0:rc2::::::
cpe:2.3:a:eclipse:jetty:9.4.3:20180619::::::
cpe:2.3:a:eclipse:jetty:9.4.4:20170414::::::
cpe:2.3:a:eclipse:jetty:9.4.6:20180619::::::
cpe:2.3:a:eclipse:jetty:9.4.7:20180619::::::
cpe:2.3:a:eclipse:jetty:9.4.8:20171121::::::
cpe:2.3:a:eclipse:jetty:9.4.10:rc1::::::
cpe:2.3:a:eclipse:jetty:9.4.12:20180830::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:apache:activemq:5.15.9:::::::*
	cpe:2.3:a:apache:drill:1.16.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:::::::*
	cpe:2.3:a:oracle:flexcube_core_banking::::::::
	cpe:2.3:a:oracle:rest_data_services:11.2.0.4::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.1.0.2::::-:::
	cpe:2.3:a:oracle:rest_data_services:12.2.0.1::::-:::
	cpe:2.3:a:oracle:rest_data_services:18c::::-:::
	cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::*

Information

Published : 2019-04-22 13:29

Updated : 2022-04-22 13:06

NVD link : CVE-2019-10241

Mitre link : CVE-2019-10241

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

apache

drill
activemq

oracle

flexcube_core_banking
rest_data_services
retail_xstore_point_of_service

eclipse

jetty

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/d7c4a664a34853f57c2163ab562f39802df5cf809523ea40c97289c1@%3Cdev.kafka.apache.org%3E", "name": "[kafka-dev] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/464892b514c029dfc0c8656a93e1c0de983c473df70fdadbd224e09f@%3Cjira.kafka.apache.org%3E", "name": "[kafka-jira] 20190501 [jira] [Created] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/bcfb37bfba7b3d7e9c7808b5e5a38a98d6bb714d52cf5162bdd48e32@%3Cjira.kafka.apache.org%3E", "name": "[kafka-jira] 20190503 [jira] [Assigned] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/8bff534863c7aaf09bb17c3d0532777258dd3a5c7ddda34198cc2742@%3Cdev.kafka.apache.org%3E", "name": "[kafka-dev] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/01e004c3f7c7365863a27e7038b7f32dae56ccf3a496b277c9b7f7b6@%3Cjira.kafka.apache.org%3E", "name": "[kafka-jira] 20190503 [jira] [Resolved] (KAFKA-8308) Update jetty for security vulnerability CVE-2019-10241", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.netapp.com/advisory/ntap-20190509-0003/", "name": "https://security.netapp.com/advisory/ntap-20190509-0003/", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E", "name": "[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E", "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html", "name": "[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2021/dsa-4949", "name": "DSA-4949", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-10241", "ASSIGNER": "security@eclipse.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}}, "publishedDate": "2019-04-22T20:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "11.7.0", "versionStartIncluding": "11.5.0"}, {"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-04-22T20:06Z"}

6.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2019-10241

6.1^/10

4.3^/10

Attach tags to `CVE-2019-10241`