Vulnerability Details : CVE-2018-12536
In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.
Products affected by CVE-2018-12536
- cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
- cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12536
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-12536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2018-12536
-
The product generates an error message that includes sensitive information about its environment, users, or associated data.Assigned by: emo@eclipse.org (Secondary)
References for CVE-2018-12536
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020
-
https://security.netapp.com/advisory/ntap-20181014-0001/
September 2018 Eclipse Jetty Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Page not found | OraclePatch;Third Party Advisory
-
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03953en_us
HPESBST03953 rev.1 - HPE Command View Advanced Edition (CVAE), Multiple VulnerabilitiesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html
[SECURITY] [DLA 2661-1] jetty9 security update
-
https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670
535670 – (CVE-2018-12536) Jetty: CVE Request: InvalidPathException messageVendor Advisory
-
http://www.securitytracker.com/id/1041194
Jetty Multiple Flaws Let Remote Users Conduct HTTP Request Smuggling and Session Hijacking Attacks and Determine the Installation Path - SecurityTrackerThird Party Advisory;VDB Entry
-
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E
Mailing List;Third Party Advisory
Jump to