VYPR
Medium severity5.3NVD Advisory· Published Apr 22, 2019· Updated Jun 17, 2026

CVE-2019-10247

CVE-2019-10247

Description

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.eclipse.jetty:jetty-serverMaven
>= 7.0.0, < 9.2.28.v201904189.2.28.v20190418
org.eclipse.jetty:jetty-serverMaven
>= 9.3.0, < 9.3.27.v201904189.3.27.v20190418
org.eclipse.jetty:jetty-serverMaven
>= 9.4.0, < 9.4.17.v201904189.4.17.v20190418

Affected products

2

Patches

Vulnerability mechanics

References

27

News mentions

0

No linked articles in our index yet.