CVE-2019-10247 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-10247 Interim 1 8 2022-11-09T01:44:17Z current 2021-10-30T00:59:33Z 2022-11-09T01:44:17Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-10247 In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-http jetty-io jetty-minimal jetty-security jetty-server jetty-servlet jetty-util jetty-util-ajax jetty-http as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-io as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-security as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-server as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-servlet as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-util as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-util-ajax as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 jetty-minimal as a component of SUSE Linux Enterprise Module for Development Tools 15 SP2 In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context. CVE-2019-10247 SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-http SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-io SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-minimal SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-security SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-server SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-servlet SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util SUSE Linux Enterprise Module for Development Tools 15 SP2:jetty-util-ajax moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N