In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.
{
"unresolved_ranges": [
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "1.16.0"
}
],
"cpe": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "11.5.0"
},
{
"last_affected": "11.7.0"
}
],
"cpe": "cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "11.2.0.4"
}
],
"cpe": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "12.1.0.2"
}
],
"cpe": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "12.2.0.1"
}
],
"cpe": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "18c"
}
],
"cpe": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "15.0"
}
],
"cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "16.0"
}
],
"cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "17.0"
}
],
"cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*"
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"last_affected": "7.1"
}
],
"cpe": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"
}
]
}{
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "5.15.9"
},
{
"last_affected": "5.2.0"
}
],
"cpe": [
"cpe:2.3:a:apache:activemq:5.15.9:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*"
]
}{
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "9.2.0-20140523"
},
{
"last_affected": "9.2.0-20140526"
},
{
"last_affected": "9.2.0-maintenance_0"
},
{
"last_affected": "9.2.0-maintenance_1"
},
{
"last_affected": "9.2.0-rc0"
},
{
"last_affected": "9.2.1-20140609"
},
{
"last_affected": "9.2.2-20140723"
},
{
"last_affected": "9.2.3-20140905"
},
{
"last_affected": "9.2.4-20141103"
},
{
"last_affected": "9.2.5-20141112"
},
{
"last_affected": "9.2.6-20141203"
},
{
"last_affected": "9.2.6-20141205"
},
{
"last_affected": "9.2.7-20150116"
},
{
"last_affected": "9.2.8-20150217"
},
{
"last_affected": "9.2.9-20150224"
},
{
"last_affected": "9.2.10-20150310"
},
{
"last_affected": "9.2.11-20150528"
},
{
"last_affected": "9.2.11-20150529"
},
{
"last_affected": "9.2.11-maintenance_0"
},
{
"last_affected": "9.2.12-20150709"
},
{
"last_affected": "9.2.12-maintenance_0"
},
{
"last_affected": "9.2.13-20150730"
},
{
"last_affected": "9.2.14-20151106"
},
{
"last_affected": "9.2.15-20160210"
},
{
"last_affected": "9.2.16-20160407"
},
{
"last_affected": "9.2.16-20160414"
},
{
"last_affected": "9.2.17-20160517"
},
{
"last_affected": "9.2.18-20160721"
},
{
"last_affected": "9.2.19-20160908"
},
{
"last_affected": "9.2.20-20161216"
},
{
"last_affected": "9.2.21-20170120"
},
{
"last_affected": "9.2.22-20170606"
},
{
"last_affected": "9.2.23-20171218"
},
{
"last_affected": "9.2.24-20180105"
},
{
"last_affected": "9.2.25-20180606"
},
{
"last_affected": "9.2.26-20180806"
},
{
"last_affected": "9.3.0-20150601"
},
{
"last_affected": "9.3.0-20150608"
},
{
"last_affected": "9.3.0-20150612"
},
{
"last_affected": "9.3.0-maintenance0"
},
{
"last_affected": "9.3.0-maintenance1"
},
{
"last_affected": "9.3.0-maintenance2"
},
{
"last_affected": "9.3.0-rc0"
},
{
"last_affected": "9.3.0-rc1"
},
{
"last_affected": "9.3.1-20150714"
},
{
"last_affected": "9.3.2-20150730"
},
{
"last_affected": "9.3.3-20150825"
},
{
"last_affected": "9.3.3-20150827"
},
{
"last_affected": "9.3.4-20151005"
},
{
"last_affected": "9.3.4-20151007"
},
{
"last_affected": "9.3.4-rc0"
},
{
"last_affected": "9.3.4-rc1"
},
{
"last_affected": "9.3.5-20151012"
},
{
"last_affected": "9.3.6-20151106"
},
{
"last_affected": "9.3.7-20160115"
},
{
"last_affected": "9.3.7-rc0"
},
{
"last_affected": "9.3.7-rc1"
},
{
"last_affected": "9.3.8-20160311"
},
{
"last_affected": "9.3.8-20160314"
},
{
"last_affected": "9.3.8-rc0"
},
{
"last_affected": "9.3.9-20160517"
},
{
"last_affected": "9.3.9-maintenance_0"
},
{
"last_affected": "9.3.9-maintenance_1"
},
{
"last_affected": "9.3.10-20160621"
},
{
"last_affected": "9.3.10-maintenance_0"
},
{
"last_affected": "9.3.11-20160721"
},
{
"last_affected": "9.3.11-maintenance_0"
},
{
"last_affected": "9.3.12-20160915"
},
{
"last_affected": "9.3.13-20161014"
},
{
"last_affected": "9.3.13-maintenance_0"
},
{
"last_affected": "9.3.14-20161028"
},
{
"last_affected": "9.3.15-20161220"
},
{
"last_affected": "9.3.16-20170119"
},
{
"last_affected": "9.3.16-20170120"
},
{
"last_affected": "9.3.17-20170317"
},
{
"last_affected": "9.3.17-rc0"
},
{
"last_affected": "9.3.18-20170406"
},
{
"last_affected": "9.3.19-20170502"
},
{
"last_affected": "9.3.20-20170531"
},
{
"last_affected": "9.3.21-20170918"
},
{
"last_affected": "9.3.21-maintenance_0"
},
{
"last_affected": "9.3.21-rc0"
},
{
"last_affected": "9.3.22-20171030"
},
{
"last_affected": "9.3.23-20180228"
},
{
"last_affected": "9.3.24-20180605"
},
{
"last_affected": "9.3.25-20180904"
},
{
"last_affected": "9.4.0-20161207"
},
{
"last_affected": "9.4.0-20161208"
},
{
"last_affected": "9.4.0-20180619"
},
{
"last_affected": "9.4.0-maintenance_0"
},
{
"last_affected": "9.4.0-maintenance_1"
},
{
"last_affected": "9.4.0-rc0"
},
{
"last_affected": "9.4.0-rc1"
},
{
"last_affected": "9.4.0-rc2"
},
{
"last_affected": "9.4.0-rc3"
},
{
"last_affected": "9.4.1-20170120"
},
{
"last_affected": "9.4.1-20180619"
},
{
"last_affected": "9.4.2-20170220"
},
{
"last_affected": "9.4.2-20180619"
},
{
"last_affected": "9.4.3-20170317"
},
{
"last_affected": "9.4.3-20180619"
},
{
"last_affected": "9.4.4-20170410"
},
{
"last_affected": "9.4.4-20170414"
},
{
"last_affected": "9.4.4-20180619"
},
{
"last_affected": "9.4.5-20170502"
},
{
"last_affected": "9.4.5-20180619"
},
{
"last_affected": "9.4.6-20170531"
},
{
"last_affected": "9.4.6-20180619"
},
{
"last_affected": "9.4.7-20170914"
},
{
"last_affected": "9.4.7-20180619"
},
{
"last_affected": "9.4.7-rc0"
},
{
"last_affected": "9.4.8-20171121"
},
{
"last_affected": "9.4.8-20180619"
},
{
"last_affected": "9.4.9-20180320"
},
{
"last_affected": "9.4.10-20180503"
},
{
"last_affected": "9.4.10-rc0"
},
{
"last_affected": "9.4.10-rc1"
},
{
"last_affected": "9.4.11-20180605"
},
{
"last_affected": "9.4.12-20180830"
},
{
"last_affected": "9.4.12-rc0"
},
{
"last_affected": "9.4.12-rc1"
},
{
"last_affected": "9.4.12-rc2"
},
{
"last_affected": "9.4.13-20181111"
},
{
"last_affected": "9.4.14-20181114"
},
{
"last_affected": "9.4.15-20190215"
},
{
"last_affected": "9.0"
},
{
"last_affected": "10.0"
}
],
"cpe": [
"cpe:2.3:a:eclipse:jetty:9.2.0:20140523:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.0:20140526:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.0:maintenance_1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.1:20140609:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.2:20140723:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.3:20140905:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.4:20141103:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.5:20141112:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.6:20141203:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.6:20141205:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.7:20150116:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.8:20150217:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.9:20150224:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.10:20150310:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.11:20150528:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.11:20150529:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.11:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.12:20150709:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.12:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.13:20150730:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.14:20151106:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.15:20160210:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.16:20160407:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.16:20160414:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.17:20160517:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.18:20160721:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.19:20160908:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.20:20161216:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.21:20170120:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.22:20170606:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.23:20171218:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.24:20180105:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.25:20180606:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.2.26:20180806:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:20150601:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:20150608:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:20150612:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:maintenance2:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.1:20150714:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.2:20150730:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.3:20150825:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.3:20150827:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.4:20151005:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.4:20151007:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.4:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.4:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.5:20151012:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.6:20151106:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.7:20160115:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.7:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.7:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.8:20160311:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.8:20160314:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.8:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.9:20160517:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.9:maintenance_1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.10:20160621:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.10:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.11:20160721:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.11:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.12:20160915:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.13:20161014:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.13:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.14:20161028:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.15:20161220:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.16:20170119:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.16:20170120:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.17:20170317:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.17:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.18:20170406:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.19:20170502:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.20:20170531:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.21:20170918:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.21:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.21:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.22:20171030:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.23:20180228:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.24:20180605:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.3.25:20180904:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:20161207:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:20161208:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:maintenance_1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:rc2:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.0:rc3:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.1:20170120:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.1:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.2:20170220:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.2:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.3:20170317:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.3:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.4:20170410:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.4:20170414:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.4:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.5:20170502:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.5:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.6:20170531:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.6:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.7:20170914:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.7:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.7:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.8:20171121:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.8:20180619:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.9:20180320:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.10:20180503:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.10:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.10:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.11:20180605:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.12:20180830:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.12:rc0:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.12:rc1:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.12:rc2:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.13:20181111:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.14:20181114:*:*:*:*:*:*",
"cpe:2.3:a:eclipse:jetty:9.4.15:20190215:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
]
}