14 lines
1.4 KiB
JSON
{
"id": "openEuler-SA-2022-2149",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2149",
"title": "An update for jetty is now available for openEuler-22.03-LTS",
"severity": "Moderate",
"description": "%global desc \\ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\\ do not need to configure and run a separate web server (like Apache) in order\\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\\ featured web server for static and dynamic content. Unlike separate\\ server/container solutions, this means that your web server and web\\ application run in the same process, without interconnection overheads\\ and complications. Furthermore, as a pure java component, Jetty can be simply\\ included in your application for demonstration, distribution or deployment.\\ Jetty is available on all Java supported platforms. \\ %global extdesc \\\\ \\ This package contains\r\n\r\nSecurity Fix(es):\r\n\r\nIn Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.(CVE-2019-10241)",
"cves": [
{
"id": "CVE-2019-10241",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10241",
"severity": "Moderate"
}
]
}