Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.11.v20180605/f0f25aa2f27d618a04bc7356fa247ae4a05245b3/jetty-util-9.4.11.v20180605.jar
Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.4.11.v20180605/66d31900fcfc70e3666f0b3335b6660635154f98/jetty-servlet-9.4.11.v20180605.jar
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
CVE-2019-10241 - Medium Severity Vulnerability
jetty-server-9.4.11.v20180605.jar
The core jetty server artifact.
Library home page: https://webtide.com
Path to dependency file: /build.gradle
Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-server/9.4.11.v20180605/58353c2f27515b007fc83ae22002feb34fc24714/jetty-server-9.4.11.v20180605.jar
Dependency Hierarchy: - :x: **jetty-server-9.4.11.v20180605.jar** (Vulnerable Library)
jetty-util-9.4.11.v20180605.jar
Utility classes for Jetty
Library home page: https://webtide.com
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-util/9.4.11.v20180605/f0f25aa2f27d618a04bc7356fa247ae4a05245b3/jetty-util-9.4.11.v20180605.jar
Dependency Hierarchy: - jetty-servlets-9.4.11.v20180605.jar (Root Library) - :x: **jetty-util-9.4.11.v20180605.jar** (Vulnerable Library)
jetty-servlet-9.4.11.v20180605.jar
Jetty Servlet Container
Library home page: https://webtide.com
Path to dependency file: /build.gradle
Path to vulnerable library: /.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-servlet/9.4.11.v20180605/66d31900fcfc70e3666f0b3335b6660635154f98/jetty-servlet-9.4.11.v20180605.jar
Dependency Hierarchy: - :x: **jetty-servlet-9.4.11.v20180605.jar** (Vulnerable Library)
Found in HEAD commit: 722089816e5192b667c19cb836256ef6da8be1ac
Found in base branch: master
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
Publish Date: 2019-04-22
URL: CVE-2019-10241
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10241
Release Date: 2019-04-22
Fix Resolution (org.eclipse.jetty:jetty-util): 9.4.16.v20190411
Direct dependency fix Resolution (org.eclipse.jetty:jetty-servlets): 9.4.16.v20190411
Step up your Open Source Security Game with Mend here