DEBIAN-CVE-2019-10247

Advisory lineage: Upstream: 1, Downstream: 2
Published: 22 Apr 2019, 20:29
Last modified: 28 Apr 2026, 20:19

Vulnerability Summary

Overall Risk (default): low, 21/100
CVSS Score: 5.3 MEDIUM (CVSS 3.1, osv_debian)
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

22 Apr 2019, 20:29 - Published: Vulnerability first disclosed
28 Apr 2026, 20:19 - Last Modified: Vulnerability information updated

Description

In Eclipse Jetty versions 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server, on any OS and Jetty version combination, reveals the configured fully qualified directory base resource location in the output of the 404 error returned when no Context matches the requested path. By default, jetty-distribution and jetty-home include a DefaultHandler at the end of the Handler tree. This handler is responsible for reporting the 404 error, and it presents the various configured contexts as HTML for users to click through to. The generated HTML contains the configured fully qualified directory base resource location for each context.

CVSS Metrics

  • v3.1 | MEDIUM | Score: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Systems

  • debian jetty9

    < 9.4.18-2 | < 9.4.18-2 | < 9.4.18-2 | < 9.4.18-2
