CVE-2018-12536
Published: 27 June 2018
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.
Priority
Status
Package | Release | Status |
---|---|---|
jetty8 Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
groovy |
Does not exist
|
|
hirsute |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
artful |
Does not exist
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Not vulnerable
(code not present)
|
|
upstream |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
mantic |
Does not exist
|
|
jetty9 Launchpad, Ubuntu, Debian |
groovy |
Not vulnerable
(9.2.25-1)
|
hirsute |
Not vulnerable
(9.2.25-1)
|
|
xenial |
Needed
|
|
jammy |
Not vulnerable
(9.2.25-1)
|
|
kinetic |
Not vulnerable
(9.2.25-1)
|
|
lunar |
Not vulnerable
(9.2.25-1)
|
|
artful |
Ignored
(end of life)
|
|
bionic |
Not vulnerable
(9.2.25-1)
|
|
cosmic |
Not vulnerable
(9.2.25-1)
|
|
disco |
Not vulnerable
(9.2.25-1)
|
|
eoan |
Not vulnerable
(9.2.25-1)
|
|
focal |
Not vulnerable
(9.2.25-1)
|
|
impish |
Not vulnerable
(9.2.25-1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(9.2.25-1)
|
|
mantic |
Not vulnerable
(9.2.25-1)
|
|
Patches: upstream: https://github.com/eclipse/jetty.project/pull/2561/commits/65de2c6690103212a933e5491fbe94d35fcdd498 upstream: https://github.com/eclipse/jetty.project/pull/2561/commits/ad4dceb1c08679baa2a6a64356fcde5309e13fd8 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |