[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-12536":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":43,"aliases":44,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":54,"related":55,"reserved_at":9,"published_at":56,"modified_at":57,"state":58,"summary":59,"references_raw":68,"kevs":135,"epss":136,"epss_history":139,"metrics":395,"affected":407},"CVE-2018-12536","In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.",null,[11,18],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],{"_key":19,"id":19,"name":20,"description":21,"type":22,"status":23,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-209","Generation of Error Message Containing Sensitive Information","The product generates an error message that includes sensitive information about its environment, users, or associated data.","weakness","Draft","Base","High",[27,31,35,39],{"id":28,"name":29,"techniques":30},"CAPEC-215","Fuzzing for application mapping",[],{"id":32,"name":33,"techniques":34},"CAPEC-463","Padding Oracle Crypto Attack",[],{"id":36,"name":37,"techniques":38},"CAPEC-54","Query System for Information",[],{"id":40,"name":41,"techniques":42},"CAPEC-7","Blind SQL Injection",[],[],[45],"GHSA-9rgv-h7x4-qw8g",[],[48,50,52],{"_key":49},"UBUNTU-CVE-2018-12536",{"_key":51},"DLA-2661-1",{"_key":53},"DEBIAN-CVE-2018-12536",[],[],"2018-06-27T17:00:00.000Z","2024-08-05T08:38:06.220Z","Modified",{"cisa_kev":60,"cisa_ransomware":60,"cisa_vendor":9,"epss_severity":61,"epss_score":62,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":58},false,"low",0.0351,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",[69,77,83,91,95,100,104,109,113,118,123,127,131],{"url":70,"sources":71,"tags":73},"http://www.securitytracker.com/id/1041194",[72,66],"cve.org",[74,75,76],"VDB Entry","X Refsource SECTRACK","Third Party Advisory",{"url":78,"sources":79,"tags":80},"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E",[72,66],[81,82],"Mailing List","X Refsource MLIST",{"url":84,"sources":85,"tags":87},"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",[72,66,86],"osv_maven",[88,89,76,90],"X Refsource MISC","Patch","WEB",{"url":92,"sources":93,"tags":94},"https://www.oracle.com/security-alerts/cpuoct2020.html",[72,66,86],[88,90],{"url":96,"sources":97,"tags":98},"https://security.netapp.com/advisory/ntap-20181014-0001/",[72,66],[99,76],"X Refsource CONFIRM",{"url":101,"sources":102,"tags":103},"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us",[72,66,86],[99,76,90],{"url":105,"sources":106,"tags":107},"https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670",[72,66,86],[99,108,90],"Vendor Advisory",{"url":110,"sources":111,"tags":112},"https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html",[72,66,86],[81,82,90],{"url":114,"sources":115,"tags":116},"https://nvd.nist.gov/vuln/detail/CVE-2018-12536",[86],[117],"Advisory",{"url":119,"sources":120,"tags":121},"https://github.com/eclipse/jetty.project",[86],[122],"PACKAGE",{"url":124,"sources":125,"tags":126},"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E",[86],[90],{"url":128,"sources":129,"tags":130},"https://security.netapp.com/advisory/ntap-20181014-0001",[86],[90],{"url":132,"sources":133,"tags":134},"https://web.archive.org/web/20200516001904/http://www.securitytracker.com/id/1041194",[86],[90],[],{"date":137,"score":62,"percentile":138},"2026-06-04",0.87838,[140,144,147,150,153,156,159,162,164,167,170,173,176,178,181,185,188,191,194,197,200,202,205,207,209,212,215,218,222,225,227,229,232,234,237,239,241,244,247,250,253,256,259,261,263,266,269,272,275,277,280,283,286,289,293,296,299,303,306,310,313,316,319,322,325,327,330,332,335,338,340,343,346,348,351,354,357,360,362,365,367,370,373,376,379,382,384,387,389,392],{"date":141,"score":142,"percentile":143},"2025-11-04",0.02798,0.85577,{"date":145,"score":142,"percentile":146},"2025-11-05",0.8558,{"date":148,"score":142,"percentile":149},"2025-11-06",0.85583,{"date":151,"score":142,"percentile":152},"2025-11-07",0.85592,{"date":154,"score":142,"percentile":155},"2025-11-08",0.85594,{"date":157,"score":142,"percentile":158},"2025-11-09",0.8559,{"date":160,"score":142,"percentile":161},"2025-11-10",0.85588,{"date":163,"score":142,"percentile":152},"2025-11-11",{"date":165,"score":142,"percentile":166},"2025-11-12",0.85603,{"date":168,"score":142,"percentile":169},"2025-11-13",0.8561,{"date":171,"score":142,"percentile":172},"2025-11-14",0.85613,{"date":174,"score":142,"percentile":175},"2025-11-15",0.85605,{"date":177,"score":142,"percentile":166},"2025-11-16",{"date":179,"score":142,"percentile":180},"2025-11-17",0.85589,{"date":182,"score":183,"percentile":184},"2025-11-18",0.01173,0.7688,{"date":186,"score":183,"percentile":187},"2025-11-19",0.76886,{"date":189,"score":183,"percentile":190},"2025-11-20",0.76896,{"date":192,"score":142,"percentile":193},"2025-11-21",0.856,{"date":195,"score":142,"percentile":196},"2025-11-22",0.85596,{"date":198,"score":142,"percentile":199},"2025-11-23",0.85587,{"date":201,"score":142,"percentile":161},"2025-11-24",{"date":203,"score":142,"percentile":204},"2025-11-25",0.85585,{"date":206,"score":142,"percentile":199},"2025-11-26",{"date":208,"score":142,"percentile":199},"2025-11-27",{"date":210,"score":142,"percentile":211},"2025-11-28",0.85566,{"date":213,"score":142,"percentile":214},"2025-11-29",0.85617,{"date":216,"score":142,"percentile":217},"2025-11-30",0.85615,{"date":219,"score":220,"percentile":221},"2025-12-01",0.01282,0.79074,{"date":223,"score":220,"percentile":224},"2025-12-02",0.79076,{"date":226,"score":220,"percentile":224},"2025-12-03",{"date":228,"score":142,"percentile":217},"2025-12-04",{"date":230,"score":142,"percentile":231},"2025-12-05",0.85619,{"date":233,"score":142,"percentile":217},"2025-12-06",{"date":235,"score":142,"percentile":236},"2025-12-07",0.85602,{"date":238,"score":142,"percentile":166},"2025-12-08",{"date":240,"score":142,"percentile":172},"2025-12-09",{"date":242,"score":142,"percentile":243},"2025-12-10",0.85634,{"date":245,"score":142,"percentile":246},"2025-12-11",0.85641,{"date":248,"score":142,"percentile":249},"2025-12-12",0.85643,{"date":251,"score":142,"percentile":252},"2025-12-13",0.85639,{"date":254,"score":142,"percentile":255},"2025-12-14",0.85632,{"date":257,"score":142,"percentile":258},"2025-12-15",0.85628,{"date":260,"score":142,"percentile":243},"2025-12-16",{"date":262,"score":142,"percentile":252},"2025-12-17",{"date":264,"score":142,"percentile":265},"2025-12-18",0.85645,{"date":267,"score":142,"percentile":268},"2025-12-19",0.85649,{"date":270,"score":142,"percentile":271},"2025-12-20",0.85646,{"date":273,"score":142,"percentile":274},"2025-12-21",0.85647,{"date":276,"score":142,"percentile":271},"2025-12-22",{"date":278,"score":142,"percentile":279},"2025-12-23",0.85653,{"date":281,"score":142,"percentile":282},"2025-12-24",0.85657,{"date":284,"score":142,"percentile":285},"2025-12-25",0.85673,{"date":287,"score":142,"percentile":288},"2025-12-26",0.85674,{"date":290,"score":291,"percentile":292},"2025-12-27",0.0422,0.88448,{"date":294,"score":142,"percentile":295},"2025-12-28",0.85667,{"date":297,"score":142,"percentile":298},"2025-12-29",0.85664,{"date":300,"score":301,"percentile":302},"2025-12-30",0.03306,0.8686,{"date":304,"score":301,"percentile":305},"2025-12-31",0.8687,{"date":307,"score":308,"percentile":309},"2026-01-01",0.01521,0.80917,{"date":311,"score":308,"percentile":312},"2026-01-02",0.80915,{"date":314,"score":308,"percentile":315},"2026-01-03",0.80911,{"date":317,"score":301,"percentile":318},"2026-01-04",0.86868,{"date":320,"score":301,"percentile":321},"2026-01-05",0.86863,{"date":323,"score":301,"percentile":324},"2026-01-06",0.86866,{"date":326,"score":301,"percentile":318},"2026-01-07",{"date":328,"score":301,"percentile":329},"2026-01-08",0.86877,{"date":331,"score":301,"percentile":329},"2026-01-09",{"date":333,"score":301,"percentile":334},"2026-01-10",0.86878,{"date":336,"score":301,"percentile":337},"2026-01-11",0.86872,{"date":339,"score":301,"percentile":305},"2026-01-12",{"date":341,"score":301,"percentile":342},"2026-01-13",0.86867,{"date":344,"score":301,"percentile":345},"2026-01-14",0.86879,{"date":347,"score":301,"percentile":345},"2026-01-15",{"date":349,"score":301,"percentile":350},"2026-01-16",0.86885,{"date":352,"score":301,"percentile":353},"2026-01-17",0.86886,{"date":355,"score":301,"percentile":356},"2026-01-18",0.86888,{"date":358,"score":301,"percentile":359},"2026-01-19",0.86883,{"date":361,"score":301,"percentile":334},"2026-01-20",{"date":363,"score":301,"percentile":364},"2026-01-21",0.86882,{"date":366,"score":301,"percentile":353},"2026-01-22",{"date":368,"score":301,"percentile":369},"2026-01-23",0.86899,{"date":371,"score":301,"percentile":372},"2026-01-24",0.86906,{"date":374,"score":301,"percentile":375},"2026-01-25",0.869,{"date":377,"score":301,"percentile":378},"2026-01-26",0.86896,{"date":380,"score":301,"percentile":381},"2026-01-27",0.86897,{"date":383,"score":301,"percentile":375},"2026-01-28",{"date":385,"score":301,"percentile":386},"2026-01-29",0.86902,{"date":388,"score":301,"percentile":386},"2026-01-30",{"date":390,"score":301,"percentile":391},"2026-01-31",0.86904,{"date":393,"score":308,"percentile":394},"2026-02-01",0.80972,[396,405],{"source":66,"cvss_v2_0":397,"cvss_v3_0":9,"cvss_v3_1":402,"cvss_v4_0":9},{"baseScore":398,"baseSeverity":9,"vectorString":399,"impactScore":400,"exploitabilityScore":401},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":64,"baseSeverity":403,"vectorString":67,"impactScore":404,"exploitabilityScore":401},"MEDIUM",2.3,{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":406,"cvss_v4_0":9},{"baseScore":64,"baseSeverity":9,"vectorString":67,"impactScore":404,"exploitabilityScore":401},[408,429,443,456],{"ecosystem":9,"name":409,"vendor":410,"product":409,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"jetty","eclipse","a",[413,420,425],{"version":414,"is_range":415,"range_type":416,"version_start":417,"version_start_type":418,"version_end":419,"version_end_type":418,"fixed_in":9},"gte9.0.0_lte9.2.26",true,"cpe","9.0.0","including","9.2.26",{"version":421,"is_range":415,"range_type":416,"version_start":422,"version_start_type":418,"version_end":423,"version_end_type":424,"fixed_in":9},"gte9.3.0_lt9.3.24","9.3.0","9.3.24","excluding",{"version":426,"is_range":415,"range_type":416,"version_start":427,"version_start_type":418,"version_end":428,"version_end_type":424,"fixed_in":9},"gte9.4.0_lt9.4.11","9.4.0","9.4.11",{"ecosystem":430,"name":431,"vendor":432,"product":433,"cpe_part":9,"purl_type":434,"purl_namespace":432,"purl_name":433,"source":9,"versions":435},"Maven","org.eclipse.jetty:jetty-server","org.eclipse.jetty","jetty-server","maven",[436,440],{"version":437,"is_range":415,"range_type":438,"version_start":427,"version_start_type":418,"version_end":439,"version_end_type":424,"fixed_in":9},"gte9_4_0_lt9_4_11_v20180605","ecosystem","9.4.11.v20180605",{"version":441,"is_range":415,"range_type":438,"version_start":417,"version_start_type":418,"version_end":442,"version_end_type":424,"fixed_in":9},"gte9_0_0_lt9_3_24_v20180605","9.3.24.v20180605",{"ecosystem":9,"name":444,"vendor":445,"product":446,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"retail xstore point of service","oracle","retail_xstore_point_of_service",[448,450,452,454],{"version":449,"is_range":60,"range_type":416,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.1",{"version":451,"is_range":60,"range_type":416,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":453,"is_range":60,"range_type":416,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"16.0.0",{"version":455,"is_range":60,"range_type":416,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"17.0",{"ecosystem":9,"name":457,"vendor":458,"product":459,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":460},"Eclipse Jetty","the eclipse foundation","eclipse jetty",[461,465,467,469,471],{"version":462,"is_range":415,"range_type":72,"version_start":463,"version_start_type":418,"version_end":464,"version_end_type":418,"fixed_in":9},">= unspecified, \u003C= 9.2.0","unspecified","9.2.0",{"version":466,"is_range":415,"range_type":72,"version_start":422,"version_start_type":418,"version_end":463,"version_end_type":424,"fixed_in":9},">= 9.3.0, \u003C unspecified",{"version":468,"is_range":415,"range_type":72,"version_start":463,"version_start_type":418,"version_end":423,"version_end_type":424,"fixed_in":9},">= unspecified, \u003C 9.3.24",{"version":470,"is_range":415,"range_type":72,"version_start":427,"version_start_type":418,"version_end":463,"version_end_type":424,"fixed_in":9},">= 9.4.0, \u003C unspecified",{"version":472,"is_range":415,"range_type":72,"version_start":463,"version_start_type":418,"version_end":428,"version_end_type":424,"fixed_in":9},">= unspecified, \u003C 9.4.11"]