CVE-2019-10247
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-10247
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
故意性的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Eclipse Jetty 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty中存在信息泄露漏洞。攻击者可利用该漏洞泄露信息。以下版本受到影响:Eclipse Jetty 7.x版本,8.x版本,9.2.27及之前版本,9.3.26及之前版本,9.4.16及之前版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| The Eclipse Foundation | Eclipse Jetty | 7.x | - |
II. Public POCs for CVE-2019-10247
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-10247
请登录查看更多情报信息。
- https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
- NetApp Product Securityx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-10247
Same Patch Batch · The Eclipse Foundation · 2019-04-22 · 4 CVEs total
| CVE-2019-10241 | Eclipse Jetty 跨站脚本漏洞 | |
| CVE-2019-10246 | Eclipse Jetty 信息泄露漏洞 | |
| CVE-2019-10248 | Eclipse Vorto 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-213
- CVE-2025-52603
HCL Connections is vulnerable to information disclosure - CVE-2025-54831
Apache Airflow: Connection sensitive details exposed to user - CVE-2024-49827
IBM Concert Software information disclosure - CVE-2025-4976
Exposure of Sensitive Information Due to Incompatible Polici - CVE-2025-32791
Permission policy information leakage in Backstage permissio
V. Comments for CVE-2019-10247
No comments yet