VulnerableCode Package Details - pkg:maven/org.eclipse.jetty/jetty-server@7.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-8y49-9qx9-9fcz Aliases: CVE-2019-10247 GHSA-xc67-hjx6-cgg6	Installation information leak in Eclipse Jetty In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.	9.2.28.v20190418 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.3.27.v20190418 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.4.17.v20190418 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-8y49-9qx9-9fcz
Aliases:
CVE-2019-10247
GHSA-xc67-hjx6-cgg6

Installation information leak in Eclipse Jetty In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

9.2.28.v20190418
Affected by 7 other vulnerabilities.

9.3.27.v20190418
Affected by 6 other vulnerabilities.

9.4.17.v20190418
Affected by 9 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T14:29:44.540232+00:00	GHSA Importer	Affected by	VCID-8y49-9qx9-9fcz	https://github.com/advisories/GHSA-xc67-hjx6-cgg6	36.1.3

2025-07-01T14:29:44.540232+00:00

GHSA Importer

Affected by

VCID-8y49-9qx9-9fcz

https://github.com/advisories/GHSA-xc67-hjx6-cgg6

36.1.3

purl	pkg:maven/org.eclipse.jetty/jetty-server@7.0.0
Tags	Ghost

Next non-vulnerable version	9.4.57.v20241219
Latest non-vulnerable version	12.0.9
Risk	3.1