CVE-2019-10246

{"id": "CVE-2019-10246", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2019-04-22T20:29:00.303", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E", "source": "emo@eclipse.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190509-0003/", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Third Party Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-213"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. This information reveal is restricted to only the content in the configured base resource directories."}, {"lang": "es", "value": "En Eclipse Jetty versi\u00f3n 9.2.27, versi\u00f3n 9.3.26 y versi\u00f3n 9.4.16 , el servidor que es ejecutado en Windows es vulnerable a la exposici\u00f3n del nombre del directorio Base Resource totalmente calificado en Windows a un cliente remoto cuando est\u00e1 configurado para mostrar un contenido de listado de directorios (Listing of directory). Esta informaci\u00f3n revelada est\u00e1 restringida solo al contenido en los directorios de recursos base configurados"}], "lastModified": "2023-11-07T03:02:27.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:jetty:9.2.27:20190403:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B70DE29A-21EC-4D22-9E5F-F8E5BB5C6CF3"}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.3.26:20190403:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88FC7601-A04D-4E66-ABA1-397509EFFCB0"}, {"criteria": "cpe:2.3:a:eclipse:jetty:9.4.16:20190411:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DBD80AB-9248-4020-8950-0613D65C29D5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69", "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:oracle:*:*", "vulnerable": true, "matchCriteriaId": "25BBBC1A-228F-45A6-AE95-DB915EDF84BD"}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:-:*:*:*:sap:*:*", "vulnerable": true, "matchCriteriaId": "C57D2B31-9696-4451-BA04-D093FFCF7E39"}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "D5D73B53-9750-4844-A767-21F8A0CEE0B3", "versionStartIncluding": "9.6"}, {"criteria": "cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4022E33-B50C-4B0D-8485-F9091B6E57E2"}, {"criteria": "cpe:2.3:a:netapp:storage_services_connector:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27762B9-8042-429B-B714-3B3A17B2842A"}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C0FF89C-3DC1-4FF4-9447-128028EEA80B", "versionStartIncluding": "9.6"}, {"criteria": "cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "414F07E7-7D77-4A1B-B665-4B87F5DC65A4"}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*", "vulnerable": true, "matchCriteriaId": "FF852A4C-7818-408D-A46B-2F4EE1AB8895", "versionStartIncluding": "9.6"}, {"criteria": "cpe:2.3:a:netapp:virtual_storage_console:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F64A01A-B1FA-4220-B1F8-AEAA5BB17F7B"}, {"criteria": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", "vulnerable": true, "matchCriteriaId": "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:autovue:21.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB1FC94-5100-496D-92DA-09294676F889"}, {"criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED5503EC-63B6-47EB-AE37-14DD317DDDD8"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A99F85F8-F374-48B0-9534-BB9C07AFE76E"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162"}, {"criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126"}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60"}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3287751-9F54-4806-81D2-E28A42DF1407"}, {"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7"}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38"}, {"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F194FC-4116-45C4-A5B4-B9822EAC3250"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DBED5A1-5D0A-40D6-ACF1-695F7FCA70FE"}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EC0B307-B9D2-497B-81CF-B435ABFB1CFA", "versionEndIncluding": "11.7.0", "versionStartIncluding": "11.5.0"}, {"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEFE7E72-D419-4040-81AB-B4934C13909F"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148"}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496"}, {"criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F"}, {"criteria": "cpe:2.3:a:oracle:unified_directory:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5AE593-EAA2-4C0E-A005-EAAB0F8AFFEC"}, {"criteria": "cpe:2.3:a:oracle:unified_directory:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAC21315-E951-495D-A52A-29CD051D8A9A"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}