https://bugzilla.redhat.com/show_bug.cgi?id=1781214
Bug ID: 1781214
Summary: CVE-2019-17632 jetty: generation of default unhandled error response content does not escape exception messages in stacktraces included in error output
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and
9.4.23.v20191118, the generation of default unhandled Error response content
(in text/html and text/json Content-Type) does not escape Exception messages in
stacktraces included in error output.
Reference:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443
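The defect class described above, as an added example that is not Jetty's code or its fix: a hypothetical ErrorPageSketch class places a stack trace into text/html and JSON error bodies, first raw and then with output encoding. The class, its method names and the exception message are constructed for illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
// Added illustration; ErrorPageSketch and its methods are hypothetical, not Jetty classes.
public class ErrorPageSketch {
    // Stack trace as text; its first line carries Throwable.getMessage() verbatim.
    static String stackTrace(Throwable t) {
        StringWriter sw = new StringWriter();
        t.printStackTrace(new PrintWriter(sw, true));
        return sw.toString();
    }

    // Encode the characters that are significant in HTML text and attribute values.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Encode a value for placement inside a JSON string literal; markup characters
    // are also written as numeric escapes in case the body is ever parsed as HTML.
    static String escapeJson(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '"' || c == '\\') out.append('\\').append(c);
            else if (c < 0x20 || c == '<' || c == '>' || c == '&') out.append(String.format("\\u%04x", (int) c));
            else out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: an exception whose message echoes request-derived text.
        Throwable t = new IllegalArgumentException("bad value: <b>\"x\"</b> & more");
        String trace = stackTrace(t);
        System.out.println("raw html:     <pre>" + trace + "</pre>");
        System.out.println("escaped html: <pre>" + escapeHtml(trace) + "</pre>");
        System.out.println("escaped json: {\"stacktrace\":\"" + escapeJson(trace) + "\"}");
    }
}
```

In the raw line the message's markup and quotes reach the response body unchanged; in the escaped lines they arrive as inert text in both content types.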