In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NEclipse Jetty
APPEclipse9.2.279.3.269.4.16Microsoft Windows
OSMicrosoftwszystkie wersjeNetapp Element
OSNetappwszystkie wersjeNetapp Oncommand System Manager
APPNetapp3.0 – 3.1.3Netapp Snapcenter
APPNetappwszystkie wersjeNetapp Snap Creator Framework
APPNetappwszystkie wersjeNetapp Snapmanager
APPNetappwszystkie wersjeNetapp Storage Replication Adapter For Clustered Data Ontap
APPNetapp9.6≥ 9.6Netapp Storage Services Connector
APPNetappwszystkie wersjeNetapp Vasa Provider For Clustered Data Ontap
APPNetapp≥ 9.6Netapp Virtual Storage Console
APPNetapp9.6≥ 9.6Oracle Autovue
APPOracle21.0.2Oracle Communications Analytics
APPOracle12.1.1Oracle Communications Element Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Communications Services Gatekeeper
APPOracle6.06.17.0Oracle Communications Session Report Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Communications Session Route Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Data Integrator
APPOracle12.2.1.3.012.2.1.4.0Oracle Endeca Information Discovery Integrator
APPOracle3.2.0Oracle Enterprise Manager Base Platform
APPOracle13.213.3Oracle Flexcube Core Banking
APPOracle5.2.011.5.0 – 11.7.0Oracle Flexcube Private Banking
APPOracle12.0.012.1.0Oracle Hospitality Guest Access
APPOracle4.2.04.2.1Oracle Rest Data Services
APPOracle11.2.0.412.1.0.212.2.0.118cOracle Retail Xstore Point Of Service
APPOracle15.016.017.07.1Oracle Unified Directory
APPOracle12.2.1.3.012.2.1.4.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Referencje
Powiązane podatności
CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit