
Eclipse Jetty XSS Vulnerability - CVE-2019-17632 (Windows)

Severity
CVSSv3 Score: 6.1
Vulnerability description

Eclipse Jetty is prone to a cross-site scripting vulnerability.

Risk description

The generic ErrorHandler within Jetty produces a text/html or text/json response containing the stack trace of the unhandled error it encounters. This stack trace is not properly escaped, so a skilled adversary can use it as an XSS attack vector.

Recommendation

Update to version 9.4.24.v20191120 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Nov 25, 2019
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available