CVE-2019-10241

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2019-10241
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2019-04-22 20:29:00 UTC
Updated2023-11-07 03:02:00 UTC
DescriptionIn Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Apache Activemq 5.15.9 All All All
Application Apache Drill 1.16.0 All All All
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 9.0 All All All
Application Eclipse Jetty 9.2.0 20140523 All All
Application Eclipse Jetty 9.2.0 20140526 All All
Application Eclipse Jetty 9.2.0 maintenance_0 All All
Application Eclipse Jetty 9.2.0 maintenance_1 All All
Application Eclipse Jetty 9.2.0 rc0 All All
Application Eclipse Jetty 9.2.1 20140609 All All
Application Eclipse Jetty 9.2.10 20150310 All All
Application Eclipse Jetty 9.2.11 20150528 All All
Application Eclipse Jetty 9.2.11 20150529 All All
Application Eclipse Jetty 9.2.11 maintenance_0 All All
Application Eclipse Jetty 9.2.12 20150709 All All
Application Eclipse Jetty 9.2.12 maintenance_0 All All
Application Eclipse Jetty 9.2.13 20150730 All All
Application Eclipse Jetty 9.2.14 20151106 All All
Application Eclipse Jetty 9.2.15 20160210 All All
Application Eclipse Jetty 9.2.16 20160407 All All
Application Eclipse Jetty 9.2.16 20160414 All All
Application Eclipse Jetty 9.2.17 20160517 All All
Application Eclipse Jetty 9.2.18 20160721 All All
Application Eclipse Jetty 9.2.19 20160908 All All
Application Eclipse Jetty 9.2.2 20140723 All All
Application Eclipse Jetty 9.2.20 20161216 All All
Application Eclipse Jetty 9.2.21 20170120 All All
Application Eclipse Jetty 9.2.22 20170606 All All
Application Eclipse Jetty 9.2.23 20171218 All All
Application Eclipse Jetty 9.2.24 20180105 All All
Application Eclipse Jetty 9.2.25 20180606 All All
Application Eclipse Jetty 9.2.26 20180806 All All
Application Eclipse Jetty 9.2.3 20140905 All All
Application Eclipse Jetty 9.2.4 20141103 All All
Application Eclipse Jetty 9.2.5 20141112 All All
Application Eclipse Jetty 9.2.6 20141203 All All
Application Eclipse Jetty 9.2.6 20141205 All All
Application Eclipse Jetty 9.2.7 20150116 All All
Application Eclipse Jetty 9.2.8 20150217 All All
Application Eclipse Jetty 9.2.9 20150224 All All
Application Eclipse Jetty 9.3.0 20150601 All All
Application Eclipse Jetty 9.3.0 20150608 All All
Application Eclipse Jetty 9.3.0 20150612 All All
Application Eclipse Jetty 9.3.0 maintenance0 All All
Application Eclipse Jetty 9.3.0 maintenance1 All All
Application Eclipse Jetty 9.3.0 maintenance2 All All
Application Eclipse Jetty 9.3.0 rc0 All All
Application Eclipse Jetty 9.3.0 rc1 All All
Application Eclipse Jetty 9.3.1 20150714 All All
Application Eclipse Jetty 9.3.10 20160621 All All
Application Eclipse Jetty 9.3.10 maintenance_0 All All
Application Eclipse Jetty 9.3.11 20160721 All All
Application Eclipse Jetty 9.3.11 maintenance_0 All All
Application Eclipse Jetty 9.3.12 20160915 All All
Application Eclipse Jetty 9.3.13 20161014 All All
Application Eclipse Jetty 9.3.13 maintenance_0 All All
Application Eclipse Jetty 9.3.14 20161028 All All
Application Eclipse Jetty 9.3.15 20161220 All All
Application Eclipse Jetty 9.3.16 20170119 All All
Application Eclipse Jetty 9.3.16 20170120 All All
Application Eclipse Jetty 9.3.17 20170317 All All
Application Eclipse Jetty 9.3.17 rc0 All All
Application Eclipse Jetty 9.3.18 20170406 All All
Application Eclipse Jetty 9.3.19 20170502 All All
Application Eclipse Jetty 9.3.2 20150730 All All
Application Eclipse Jetty 9.3.20 20170531 All All
Application Eclipse Jetty 9.3.21 20170918 All All
Application Eclipse Jetty 9.3.21 maintenance_0 All All
Application Eclipse Jetty 9.3.21 rc0 All All
Application Eclipse Jetty 9.3.22 20171030 All All
Application Eclipse Jetty 9.3.23 20180228 All All
Application Eclipse Jetty 9.3.24 20180605 All All
Application Eclipse Jetty 9.3.25 20180904 All All
Application Eclipse Jetty 9.3.3 20150825 All All
Application Eclipse Jetty 9.3.3 20150827 All All
Application Eclipse Jetty 9.3.4 20151005 All All
Application Eclipse Jetty 9.3.4 20151007 All All
Application Eclipse Jetty 9.3.4 rc0 All All
Application Eclipse Jetty 9.3.4 rc1 All All
Application Eclipse Jetty 9.3.5 20151012 All All
Application Eclipse Jetty 9.3.6 20151106 All All
Application Eclipse Jetty 9.3.7 20160115 All All
Application Eclipse Jetty 9.3.7 rc0 All All
Application Eclipse Jetty 9.3.7 rc1 All All
Application Eclipse Jetty 9.3.8 20160311 All All
Application Eclipse Jetty 9.3.8 20160314 All All
Application Eclipse Jetty 9.3.8 rc0 All All
Application Eclipse Jetty 9.3.9 20160517 All All
Application Eclipse Jetty 9.3.9 maintenance_0 All All
Application Eclipse Jetty 9.3.9 maintenance_1 All All
Application Eclipse Jetty 9.4.0 20161207 All All
Application Eclipse Jetty 9.4.0 20161208 All All
Application Eclipse Jetty 9.4.0 20180619 All All
Application Eclipse Jetty 9.4.0 maintenance_0 All All
Application Eclipse Jetty 9.4.0 maintenance_1 All All
Application Eclipse Jetty 9.4.0 rc0 All All
Application Eclipse Jetty 9.4.0 rc1 All All
Application Eclipse Jetty 9.4.0 rc2 All All
Application Eclipse Jetty 9.4.0 rc3 All All
Application Eclipse Jetty 9.4.1 20170120 All All
Application Eclipse Jetty 9.4.1 20180619 All All
Application Eclipse Jetty 9.4.10 20180503 All All
Application Eclipse Jetty 9.4.10 rc0 All All
Application Eclipse Jetty 9.4.10 rc1 All All
Application Eclipse Jetty 9.4.11 20180605 All All
Application Eclipse Jetty 9.4.12 20180830 All All
Application Eclipse Jetty 9.4.12 rc0 All All
Application Eclipse Jetty 9.4.12 rc1 All All
Application Eclipse Jetty 9.4.12 rc2 All All
Application Eclipse Jetty 9.4.13 20181111 All All
Application Eclipse Jetty 9.4.14 20181114 All All
Application Eclipse Jetty 9.4.15 20190215 All All
Application Eclipse Jetty 9.4.2 20170220 All All
Application Eclipse Jetty 9.4.2 20180619 All All
Application Eclipse Jetty 9.4.3 20170317 All All
Application Eclipse Jetty 9.4.3 20180619 All All
Application Eclipse Jetty 9.4.4 20170410 All All
Application Eclipse Jetty 9.4.4 20170414 All All
Application Eclipse Jetty 9.4.4 20180619 All All
Application Eclipse Jetty 9.4.5 20170502 All All
Application Eclipse Jetty 9.4.5 20180619 All All
Application Eclipse Jetty 9.4.6 20170531 All All
Application Eclipse Jetty 9.4.6 20180619 All All
Application Eclipse Jetty 9.4.7 20170914 All All
Application Eclipse Jetty 9.4.7 20180619 All All
Application Eclipse Jetty 9.4.7 rc0 All All
Application Eclipse Jetty 9.4.8 20171121 All All
Application Eclipse Jetty 9.4.8 20180619 All All
Application Eclipse Jetty 9.4.9 20180320 All All
Application Eclipse Jetty 9.2.0 20140523 All All
Application Eclipse Jetty 9.2.0 20140526 All All
Application Eclipse Jetty 9.2.0 maintenance_0 All All
Application Eclipse Jetty 9.2.0 maintenance_1 All All
Application Eclipse Jetty 9.2.0 rc0 All All
Application Eclipse Jetty 9.2.1 20140609 All All
Application Eclipse Jetty 9.2.10 20150310 All All
Application Eclipse Jetty 9.2.11 20150528 All All
Application Eclipse Jetty 9.2.11 20150529 All All
Application Eclipse Jetty 9.2.11 maintenance_0 All All
Application Eclipse Jetty 9.2.12 20150709 All All
Application Eclipse Jetty 9.2.12 maintenance_0 All All
Application Eclipse Jetty 9.2.13 20150730 All All
Application Eclipse Jetty 9.2.14 20151106 All All
Application Eclipse Jetty 9.2.15 20160210 All All
Application Eclipse Jetty 9.2.16 20160407 All All
Application Eclipse Jetty 9.2.16 20160414 All All
Application Eclipse Jetty 9.2.17 20160517 All All
Application Eclipse Jetty 9.2.18 20160721 All All
Application Eclipse Jetty 9.2.19 20160908 All All
Application Eclipse Jetty 9.2.2 20140723 All All
Application Eclipse Jetty 9.2.20 20161216 All All
Application Eclipse Jetty 9.2.21 20170120 All All
Application Eclipse Jetty 9.2.22 20170606 All All
Application Eclipse Jetty 9.2.23 20171218 All All
Application Eclipse Jetty 9.2.24 20180105 All All
Application Eclipse Jetty 9.2.25 20180606 All All
Application Eclipse Jetty 9.2.26 20180806 All All
Application Eclipse Jetty 9.2.3 20140905 All All
Application Eclipse Jetty 9.2.4 20141103 All All
Application Eclipse Jetty 9.2.5 20141112 All All
Application Eclipse Jetty 9.2.6 20141203 All All
Application Eclipse Jetty 9.2.6 20141205 All All
Application Eclipse Jetty 9.2.7 20150116 All All
Application Eclipse Jetty 9.2.8 20150217 All All
Application Eclipse Jetty 9.2.9 20150224 All All
Application Eclipse Jetty 9.3.0 20150601 All All
Application Eclipse Jetty 9.3.0 20150608 All All
Application Eclipse Jetty 9.3.0 20150612 All All
Application Eclipse Jetty 9.3.0 maintenance0 All All
Application Eclipse Jetty 9.3.0 maintenance1 All All
Application Eclipse Jetty 9.3.0 maintenance2 All All
Application Eclipse Jetty 9.3.0 rc0 All All
Application Eclipse Jetty 9.3.0 rc1 All All
Application Eclipse Jetty 9.3.1 20150714 All All
Application Eclipse Jetty 9.3.10 20160621 All All
Application Eclipse Jetty 9.3.10 maintenance_0 All All
Application Eclipse Jetty 9.3.11 20160721 All All
Application Eclipse Jetty 9.3.11 maintenance_0 All All
Application Eclipse Jetty 9.3.12 20160915 All All
Application Eclipse Jetty 9.3.13 20161014 All All
Application Eclipse Jetty 9.3.13 maintenance_0 All All
Application Eclipse Jetty 9.3.14 20161028 All All
Application Eclipse Jetty 9.3.15 20161220 All All
Application Eclipse Jetty 9.3.16 20170119 All All
Application Eclipse Jetty 9.3.16 20170120 All All
Application Eclipse Jetty 9.3.17 20170317 All All
Application Eclipse Jetty 9.3.17 rc0 All All
Application Eclipse Jetty 9.3.18 20170406 All All
Application Eclipse Jetty 9.3.19 20170502 All All
Application Eclipse Jetty 9.3.2 20150730 All All
Application Eclipse Jetty 9.3.20 20170531 All All
Application Eclipse Jetty 9.3.21 20170918 All All
Application Eclipse Jetty 9.3.21 maintenance_0 All All
Application Eclipse Jetty 9.3.21 rc0 All All
Application Eclipse Jetty 9.3.22 20171030 All All
Application Eclipse Jetty 9.3.23 20180228 All All
Application Eclipse Jetty 9.3.24 20180605 All All
Application Eclipse Jetty 9.3.25 20180904 All All
Application Eclipse Jetty 9.3.3 20150825 All All
Application Eclipse Jetty 9.3.3 20150827 All All
Application Eclipse Jetty 9.3.4 20151005 All All
Application Eclipse Jetty 9.3.4 20151007 All All
Application Eclipse Jetty 9.3.4 rc0 All All
Application Eclipse Jetty 9.3.4 rc1 All All
Application Eclipse Jetty 9.3.5 20151012 All All
Application Eclipse Jetty 9.3.6 20151106 All All
Application Eclipse Jetty 9.3.7 20160115 All All
Application Eclipse Jetty 9.3.7 rc0 All All
Application Eclipse Jetty 9.3.7 rc1 All All
Application Eclipse Jetty 9.3.8 20160311 All All
Application Eclipse Jetty 9.3.8 20160314 All All
Application Eclipse Jetty 9.3.8 rc0 All All
Application Eclipse Jetty 9.3.9 20160517 All All
Application Eclipse Jetty 9.3.9 maintenance_0 All All
Application Eclipse Jetty 9.3.9 maintenance_1 All All
Application Eclipse Jetty 9.4.0 20161207 All All
Application Eclipse Jetty 9.4.0 20161208 All All
Application Eclipse Jetty 9.4.0 20180619 All All
Application Eclipse Jetty 9.4.0 maintenance_0 All All
Application Eclipse Jetty 9.4.0 maintenance_1 All All
Application Eclipse Jetty 9.4.0 rc0 All All
Application Eclipse Jetty 9.4.0 rc1 All All
Application Eclipse Jetty 9.4.0 rc2 All All
Application Eclipse Jetty 9.4.0 rc3 All All
Application Eclipse Jetty 9.4.1 20170120 All All
Application Eclipse Jetty 9.4.1 20180619 All All
Application Eclipse Jetty 9.4.10 20180503 All All
Application Eclipse Jetty 9.4.10 rc0 All All
Application Eclipse Jetty 9.4.10 rc1 All All
Application Eclipse Jetty 9.4.11 20180605 All All
Application Eclipse Jetty 9.4.12 20180830 All All
Application Eclipse Jetty 9.4.12 rc0 All All
Application Eclipse Jetty 9.4.12 rc1 All All
Application Eclipse Jetty 9.4.12 rc2 All All
Application Eclipse Jetty 9.4.13 20181111 All All
Application Eclipse Jetty 9.4.14 20181114 All All
Application Eclipse Jetty 9.4.15 20190215 All All
Application Eclipse Jetty 9.4.2 20170220 All All
Application Eclipse Jetty 9.4.2 20180619 All All
Application Eclipse Jetty 9.4.3 20170317 All All
Application Eclipse Jetty 9.4.3 20180619 All All
Application Eclipse Jetty 9.4.4 20170410 All All
Application Eclipse Jetty 9.4.4 20170414 All All
Application Eclipse Jetty 9.4.4 20180619 All All
Application Eclipse Jetty 9.4.5 20170502 All All
Application Eclipse Jetty 9.4.5 20180619 All All
Application Eclipse Jetty 9.4.6 20170531 All All
Application Eclipse Jetty 9.4.6 20180619 All All
Application Eclipse Jetty 9.4.7 20170914 All All
Application Eclipse Jetty 9.4.7 20180619 All All
Application Eclipse Jetty 9.4.7 rc0 All All
Application Eclipse Jetty 9.4.8 20171121 All All
Application Eclipse Jetty 9.4.8 20180619 All All
Application Eclipse Jetty 9.4.9 20180320 All All
Application Oracle Flexcube Core Banking 5.2.0 All All All
Application Oracle Flexcube Core Banking All All All All
Application Oracle Rest Data Services 11.2.0.4 All All All
Application Oracle Rest Data Services 12.1.0.2 All All All
Application Oracle Rest Data Services 12.2.0.1 All All All
Application Oracle Rest Data Services 18c All All All
Application Oracle Retail Xstore Point Of Service 15.0 All All All
Application Oracle Retail Xstore Point Of Service 16.0 All All All
Application Oracle Retail Xstore Point Of Service 17.0 All All All
Application Oracle Retail Xstore Point Of Service 7.1 All All All

References

ReferenceSourceLinkTags
Pony Mail! MLIST lists.apache.org Third Party Advisory
[SECURITY] [DLA 2661-1] jetty9 security update MLIST lists.debian.org
Pony Mail! MLIST lists.apache.org Third Party Advisory
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org
546121 – (CVE-2019-10241) Jetty CVE Request: DefaultServlet / ResourceHandler XSS CONFIRM bugs.eclipse.org Issue Tracking, Vendor Advisory
Pony Mail! MLIST lists.apache.org Mailing List, Third Party Advisory
Oracle Critical Patch Update Advisory - October 2020 MISC www.oracle.com
Debian -- Security Information -- DSA-4949-1 jetty9 DEBIAN www.debian.org
April 2019 Eclipse Jetty Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com Third Party Advisory
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org Mailing List, Third Party Advisory
Pony Mail! MLIST lists.apache.org
Pony Mail! MLIST lists.apache.org Third Party Advisory
Pony Mail! MLIST lists.apache.org
Pony Mail! lists.apache.org
Oracle Critical Patch Update - October 2019 MISC www.oracle.com
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 178597 Debian Security Update for jetty9 (DLA 2661-1)
  • 178738 Debian Security Update for jetty9 (DSA 4949-1)
  • 982589 Java (maven) Security Update for org.eclipse.jetty:jetty-server (GHSA-7vx9-xjhr-rw6h)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report