Vulnerability CVE-2019-10247 - CERT Civis.Net

Vulnerability Name:

CVE-2019-10247 (CCN-160610)

Assigned:

2019-04-22

Published:

2019-04-22

Updated:

2022-04-22

Summary:

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2019-10247

Source: CCN
Type: Oracle CPUOct2019
Oracle Critical Patch Update Advisory - October 2019

Source: CCN
Type: Bugzilla Bug 546577
(CVE-2019-10247) - Jetty CVE Request: Information Reveal - DefaultHandler

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577

Source: XF
Type: UNKNOWN
eclipse-cve201910247-info-disc(160610)

Source: CCN
Type: Jetty GIT Repository
DefaultHandler Reveals Base Resource Path of each Context #3555

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[activemq-issues] 20190723 [jira] [Created] (AMQ-7249) Security Vulnerabilities in the ActiveMQ dependent jars.

Source: MLIST
Type: Mailing List, Third Party Advisory
[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities

Source: MLIST
Type: Mailing List, Third Party Advisory
[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210514 [SECURITY] [DLA 2661-1] jetty9 security update

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-4949

Source: CCN
Type: IBM Security Bulletin 887913 (Netcool Agile Service Manager)
Multiple vulnerabilities in Jetty affect Netcool Agile Service Manager (CVE-2019-10247, CVE-2019-10246)

Source: CCN
Type: IBM Security Bulletin 0959429 (Netcool Operations Insight)
IBM Network Performance Insight (CVE-2019-10241, CVE-2019-10247)

Source: CCN
Type: IBM Security Bulletin 1073978 (Sterling Connect:Direct Browser User Interface)
Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)

Source: CCN
Type: IBM Security Bulletin 1077195 (Connect:Direct Web Services)
Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2019-10246, CVE-2019-10247, CVE-2019-10241 & CVE-2018-12545)

Source: CCN
Type: IBM Security Bulletin 6320063 (Security Guardium Insights)
IBM Security Guardium Insights is affected by a Components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6320835 (Security Guardium Data Encryption)
Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)

Source: CCN
Type: IBM Security Bulletin 6344071 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6344075 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6445357 (Log Analysis)
Multiple vulnerabilities in Eclipse Jetty affect Apache Solr shipped with IBM Operations Analytics - Log Analysis

Source: CCN
Type: IBM Security Bulletin 6466729 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6574041 (Process Mining)
Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 6621343 (Control Desk)
Provision to add https and Secure Flag to bayeux_browser cookie for IBM Control Desk.

Source: CCN
Type: IBM Security Bulletin 6854577 (Security Verify Governance)
IBM Security Verify Governance is vulnerable to multiple vulnerabilities due to Eclipse Jetty

Source: CCN
Type: IBM Security Bulletin 6983274 (Cognos Command Center)
IBM Cognos Command Center is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7005945 (Storage Protect)
IBM Storage Protect Server is vulnerable to various attacks due to Eclipse jetty

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2020
Oracle Critical Patch Update Advisory - January 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2020.html

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-10247

Vulnerable Configuration:

Configuration 1:

cpe:/a:eclipse:jetty:7.0.0:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:maintenance_2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:maintenance_3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:maintenance_4:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.2:20100523:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.3:20100526:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.4:20100610:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.5:20100705:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.4:20110707:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.5:20110725:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.0:20110901:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc4:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc5:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.1:20120215:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.2:20120302:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.2:20120308:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.11:20130725:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.12:20130726:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.13:20130910:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.13:20130916:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.1:20110908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.2:20111006:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.3:20111011:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.5:20120713:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.5:20120716:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.6:20120903:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.7:20120910:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.8:20121106:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.19:20160209:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.20:20160902:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.21:20160908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.22:20160922:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.1:20130408:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.2:20130417:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.2:20140415:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.3:20130506:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.1:20140108:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.2:20140210:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.3:20140225:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.4:20140401:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc6:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.1:20091125:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.2:20100331:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.2:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.2.2:20101205:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.3.0:20110203:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.3.1:20110307:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.0:20110414:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.3:20111011:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.4:20111024:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:20120125:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:20120127:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.5:20120713:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.5:20120716:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.6:20120903:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.7:20120910:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.18:20150929:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.19:20160209:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.20:20160902:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.21:20160908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:20110901:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:rc4:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:rc5:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.1:20120215:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.12:20130726:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:20091005:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc4:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.1:20100517:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.6:20100715:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.2.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.1:20110513:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.3:20110630:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.2:20111006:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.3:20120413:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.4:20120522:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.9:20130131:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.11:20130520:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.14:20131031:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.16:20140903:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:maintenance_2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:20120127:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.2:20120302:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.3:20120416:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.9:20130131:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.11:20130520:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.16:20140903:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.18:20150929:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.2.0:20160908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:m5:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.4:20130625:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.5:20130815:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.0:20131115:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.0:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.5:20140505:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.6:20160112:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.13:20130910:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.13:20130916:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.14:20131031:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_4:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_5:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.6:20130919:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.6:20130930:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.7:20131031:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.7:20131107:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.27:20190403:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.26:20190403:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.0.0:rc5:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.0:20100505:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.2.0:20101020:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.2.1:20101111:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.2:20110526:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.4.3:20110701:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.5.1:20110908:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.0:rc3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.3:20120416:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.4:20120524:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.8:20121106:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.10:20130312:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.15:20140411:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:7.6.17:20150415:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:maintenance_1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.0:maintenance_3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.0.4:20111024:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.0:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.2:20120308:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.4:20120524:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.10:20130312:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.12:20130725:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.15:20140411:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:8.1.17:20150415:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:20130308:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.0:rc3:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.4:20130621:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.0.5:20130813:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.1.6:20151106:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*

Configuration 2:

cpe:/a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* (Version >= 3.0 and <= 3.1.3)

OR cpe:/a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snapcenter:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:snapmanager:-:-:*:*:*:oracle:*:*

OR cpe:/a:netapp:snapmanager:-:-:*:*:*:sap:*:*

OR cpe:/a:netapp:storage_replication_adapter_for_clustered_data_ontap:*:*:*:*:*:vmware_vsphere:*:* (Version >= 9.6

OR cpe:/a:netapp:storage_services_connector:-:*:*:*:*:*:*:*

OR cpe:/a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:* (Version >= 9.6

OR cpe:/a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:* (Version >= 9.6

OR cpe:/o:netapp:element:-:*:*:*:*:vcenter_server:*:*

Configuration 3:

cpe:/a:oracle:autovue:21.0.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_base_platform:13.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager_base_platform:13.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:* (Version >= 11.5.0 and <= 11.7.0)

OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:unified_directory:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:unified_directory:12.2.1.4.0:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:eclipse:jetty:9.2.27:*:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.3.26:20190403:*:*:*:*:*:*

OR cpe:/a:eclipse:jetty:9.4.16:20190411:*:*:*:*:*:*

AND

cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_manager:13.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_command_center:10.2.4.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:netcool_agile_service_manager:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:unified_directory:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:unified_directory:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_insights:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:security_guardium_data_encryption:3.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p4:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_desk:7.6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:2019102470000000	V	CVE-2019-10247 on Ubuntu 19.04 (disco) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:201910247000	V	CVE-2019-10247 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.cosmic:def:2019102470000000	V	CVE-2019-10247 on Ubuntu 18.10 (cosmic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:201910247000	V	CVE-2019-10247 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.bionic:def:2019102470000000	V	CVE-2019-10247 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:201910247000	V	CVE-2019-10247 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.xenial:def:2019102470000000	V	CVE-2019-10247 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-22
oval:com.ubuntu.trusty:def:201910247000	V	CVE-2019-10247 on Ubuntu 14.04 LTS (trusty) - medium.	2019-04-22