[Bug 1705993] New: CVE-2019-10247 jetty: error path information disclosure
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1705993
Bug ID: 1705993
Summary: CVE-2019-10247 jetty: error path information disclosure
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190418,reported=20190423,source=cve,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N,cwe=CWE-200,fedora-all/jetty=affected,fuse-6/jetty=new,fuse-7/jetty=new,rhn_satellite_5/jetty=new,rhscl-3/rh-java-common-jetty=new,rhel-6/jetty-eclipse=new,rhel-7/jetty=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aileenc(a)redhat.com, bkearney(a)redhat.com,
chazlett(a)redhat.com, decathorpe(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
ggainey(a)redhat.com, hhorak(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jorton(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tlestach(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and
9.4.16 and older, the server running on any OS and Jetty version combination
will reveal the configured fully qualified directory base resource location on
the output of the 404 error for not finding a Context that matches the
requested path. The default server behavior on jetty-distribution and
jetty-home will include at the end of the Handler tree a DefaultHandler, which
is responsible for reporting this 404 error; it presents the various configured
contexts as HTML for users to click through to. This produced HTML includes
output that contains the configured fully qualified directory base resource
location for each context.
Reference:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
--
You are receiving this mail because:
You are on the CC list for the bug.
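An added example, not part of the original bug report or of Jetty's code: a defensive check that scans the text of a 404 response for the kind of fully qualified base resource location described in bug 1705993. The function name, the patterns and both sample bodies are constructed for illustration; the page layout in the samples is an assumption, not captured Jetty output.

```python
import html
import re

# Filesystem locations as they could appear in an error page: file: URIs,
# absolute Unix paths under common roots, and Windows drive paths.
_PATTERNS = [
    re.compile(r"file:/+[^\s\"'<>{},]+"),
    re.compile(r"(?<![\w:/.])/(?:opt|var|usr|home|srv|tmp|etc)/[^\s\"'<>{},]+"),
    re.compile(r"\b[A-Za-z]:\\[^\s\"'<>{},]+"),
]


def disclosed_locations(status, body):
    """Return filesystem locations visible in the text of a 404 page."""
    if status != 404:
        return []
    # Drop tags first so href="/ctx" URL paths are not mistaken for disk paths.
    text = html.unescape(re.sub(r"<[^>]+>", " ", body))
    found = []
    for pattern in _PATTERNS:
        for match in pattern.finditer(text):
            if match.group(0) not in found:
                found.append(match.group(0))
    return found


# Constructed sample: a context listing that exposes each base resource.
LEAKY_404 = """<html><body><h2>Error 404 - Not Found.</h2>
Contexts known to this server are:<ul>
<li><a href="/shop">/shop ---&gt; Context{/shop,file:///opt/jetty/webapps/shop/}</a></li>
<li><a href="/admin">/admin ---&gt; Context{/admin,file:///srv/apps/admin/}</a></li>
</ul></body></html>"""

# Constructed sample: the same listing with context paths only.
CLEAN_404 = """<html><body><h2>Error 404 - Not Found.</h2>
Contexts known to this server are:<ul>
<li><a href="/shop">/shop</a></li>
<li><a href="/admin">/admin</a></li>
</ul></body></html>"""

if __name__ == "__main__":
    for name, body in (("leaky", LEAKY_404), ("clean", CLEAN_404)):
        print(name, disclosed_locations(404, body))
```

Run it against the body returned for a path that matches no context, before and after upgrading, to confirm the listing no longer carries directory locations.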
[Bug 1784901] New: eclipse-4.14 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1784901
Bug ID: 1784901
Summary: eclipse-4.14 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse
Keywords: FutureFeature, Triaged
Assignee: mat.booth(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)fedoraproject.org,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 4.14
Current version/release in rawhide: 4.11-3.fc31
URL: https://download.eclipse.org/eclipse/downloads/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/653/