Test ID:	1.3.6.1.4.1.25623.1.0.108501
Category:	Web Servers
Title:	Eclipse Jetty Server InvalidPathException Information Disclosure Vulnerability - Windows
Summary:	Eclipse Jetty Server is prone to an information disclosure vulnerability.
Description:	Summary: Eclipse Jetty Server is prone to an information disclosure vulnerability. Vulnerability Insight: The flaw exists due to an improper handling of bad queries. Vulnerability Impact: Successful exploitation will allow an attacker to disclose sensitive information. Affected Software/OS: Eclipse Jetty Server versions 9.2.x, 9.3.x before 9.3.24.v20180605 and 9.4.x before 9.4.11.v20180605. Solution: Upgrade to Eclipse Jetty Server version 9.3.24.v20180605 or 9.4.11.v20180605 or later as per the series. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12536 https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670 https://security.netapp.com/advisory/ntap-20181014-0001/ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html http://www.securitytracker.com/id/1041194
Copyright	Copyright (C) 2018 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.