CVE-2019-10241 vulnerability in Eclipse and Other Products
Published on April 22, 2019
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2019-10241 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2019-10241
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10241 are published in these products:
Affected Versions
The Eclipse Foundation Eclipse Jetty:- Version unspecified, <= 9.2.26 is affected.
- Version unspecified, <= 9.3.25 is affected.
- Version unspecified, <= 9.4.15 is affected.
Exploit Probability
EPSS
9.69%
Percentile
92.76%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.