https://bugzilla.redhat.com/show_bug.cgi?id=1705993
Bug ID: 1705993
Summary: CVE-2019-10247 jetty: error path information
disclosure
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190418,reported=20190423,sour
ce=cve,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/
I:N/A:N,cwe=CWE-200,fedora-all/jetty=affected,fuse-6/j
etty=new,fuse-7/jetty=new,rhn_satellite_5/jetty=new,rh
scl-3/rh-java-common-jetty=new,rhel-6/jetty-eclipse=ne
w,rhel-7/jetty=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aileenc(a)redhat.com, bkearney(a)redhat.com,
chazlett(a)redhat.com, decathorpe(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
ggainey(a)redhat.com, hhorak(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jorton(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tlestach(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and
9.4.16 and older, the server running on any OS and Jetty version combination
will reveal the configured fully qualified directory base resource location on
the output of the 404 error for not finding a Context that matches the
requested path. The default server behavior on jetty-distribution and
jetty-home will include at the end of the Handler tree a DefaultHandler, which
is responsible for reporting this 404 error, it presents the various configured
contexts as HTML for users to click through to. This produced HTML includes
output that contains the configured fully qualified directory base resource
location for each context.
Reference:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1705924
Bug ID: 1705924
Summary: CVE-2019-10241 jetty: using specially formatted URL
against DefaultServlet or ResourceHandler leads to XSS
conditions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190422,reported=20190423,sour
ce=cve,cvss3=4.7/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/
I:L/A:N,cwe=CWE-79,fedora-all/jetty=affected,rhel-6/je
tty-eclipse=new,rhel-7/jetty=new,fuse-6/jetty=new,fuse
-7/jetty=new,rhn_satellite_5/jetty=new,rhscl-3/rh-java
-common-jetty=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: aileenc(a)redhat.com, bkearney(a)redhat.com,
chazlett(a)redhat.com, decathorpe(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
ggainey(a)redhat.com, hhorak(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jorton(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
tlestach(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and
older, the server is vulnerable to XSS conditions if a remote client USES a
specially formatted URL against the DefaultServlet or ResourceHandler that is
configured for showing a Listing of directory contents.
External References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735127
Bug ID: 1735127
Summary: eclipse-gef: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-gef
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, rgrunber(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-gef failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633045
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-gef at your earliest convenience and set the bug's status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-gef will be orphaned. Before branching of Fedora 32,
eclipse-gef will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735144
Bug ID: 1735144
Summary: eclipse-m2e-sisu: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-m2e-sisu
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-m2e-sisu failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633157
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-m2e-sisu at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-m2e-sisu will be orphaned. Before branching of Fedora 32,
eclipse-m2e-sisu will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735143
Bug ID: 1735143
Summary: eclipse-m2e-plexus: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-m2e-plexus
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-m2e-plexus failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633156
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-m2e-plexus at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-m2e-plexus will be orphaned. Before branching of Fedora 32,
eclipse-m2e-plexus will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735142
Bug ID: 1735142
Summary: eclipse-m2e-modello: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-m2e-modello
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-m2e-modello failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633154
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-m2e-modello at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-m2e-modello will be orphaned. Before branching of Fedora 32,
eclipse-m2e-modello will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735136
Bug ID: 1735136
Summary: eclipse-m2e-cxf: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-m2e-cxf
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-m2e-cxf failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633141
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-m2e-cxf at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-m2e-cxf will be orphaned. Before branching of Fedora 32,
eclipse-m2e-cxf will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735132
Bug ID: 1735132
Summary: eclipse-m2e-antlr: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-m2e-antlr
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-m2e-antlr failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633093
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-m2e-antlr at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-m2e-antlr will be orphaned. Before branching of Fedora 32,
eclipse-m2e-antlr will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735124
Bug ID: 1735124
Summary: eclipse-emf: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-emf
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-emf failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36632982
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-emf at your earliest convenience and set the bug's status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-emf will be orphaned. Before branching of Fedora 32,
eclipse-emf will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1735130
Bug ID: 1735130
Summary: eclipse-license: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-license
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
mat.booth(a)redhat.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-license failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36633079
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-license at your earliest convenience and set the bug's
status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
eclipse-license will be orphaned. Before branching of Fedora 32,
eclipse-license will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.