MEDIUM✓ PATCH🇬🇧 English

CVE-2019-10246

CVSS 5.3v3.1pub. 2019-04-22upd. 2024-11-21

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Eclipse Jetty

    APP
    Eclipse
    9.2.279.3.269.4.16
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
  • Netapp Element

    OS
    Netapp
    wszystkie wersje
  • Netapp Oncommand System Manager

    APP
    Netapp
    3.0 – 3.1.3
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Snap Creator Framework

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapmanager

    APP
    Netapp
    wszystkie wersje
  • Netapp Storage Replication Adapter For Clustered Data Ontap

    APP
    Netapp
    9.6≥ 9.6
  • Netapp Storage Services Connector

    APP
    Netapp
    wszystkie wersje
  • Netapp Vasa Provider For Clustered Data Ontap

    APP
    Netapp
    ≥ 9.6
  • Netapp Virtual Storage Console

    APP
    Netapp
    9.6≥ 9.6
  • Oracle Autovue

    APP
    Oracle
    21.0.2
  • Oracle Communications Analytics

    APP
    Oracle
    12.1.1
  • Oracle Communications Element Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Services Gatekeeper

    APP
    Oracle
    6.06.17.0
  • Oracle Communications Session Report Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.0.08.1.08.1.18.2.0
  • Oracle Data Integrator

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Endeca Information Discovery Integrator

    APP
    Oracle
    3.2.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.213.3
  • Oracle Flexcube Core Banking

    APP
    Oracle
    5.2.011.5.0 – 11.7.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Oracle Hospitality Guest Access

    APP
    Oracle
    4.2.04.2.1
  • Oracle Rest Data Services

    APP
    Oracle
    11.2.0.412.1.0.212.2.0.118c
  • Oracle Retail Xstore Point Of Service

    APP
    Oracle
    15.016.017.07.1
  • Oracle Unified Directory

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit