N/A

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. The default server behavior on jetty-distribution and jetty-home will include at the end of the Handler tree a DefaultHandler, which is responsible for reporting this 404 error, it presents the various configured contexts as HTML for users to click through to. This produced HTML includes output that contains the configured fully qualified directory base resource location for each context.

N/A

故意性的信息暴露

Eclipse Jetty 信息泄露漏洞

Eclipse Jetty是Eclipse基金会的一个开源的、基于Java的Web服务器和Java Servlet容器。 Eclipse Jetty中存在信息泄露漏洞。攻击者可利用该漏洞泄露信息。以下版本受到影响：Eclipse Jetty 7.x版本，8.x版本，9.2.27及之前版本，9.3.26及之前版本，9.4.16及之前版本。

N/A

N/A