An update for jetty is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-2149 Final 1.0 1.0 2022-12-24 Initial 2022-12-24 2022-12-24 openEuler SA Tool V1.0 2022-12-24 jetty security update An update for jetty is now available for openEuler-22.03-LTS. %global desc \ Jetty is a 100% Java HTTP Server and Servlet Container. This means that you\ do not need to configure and run a separate web server (like Apache) in order\ to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully\ featured web server for static and dynamic content. Unlike separate\ server/container solutions, this means that your web server and web\ application run in the same process, without interconnection overheads\ and complications. Furthermore, as a pure java component, Jetty can be simply\ included in your application for demonstration, distribution or deployment.\ Jetty is available on all Java supported platforms. \ %global extdesc \\ \ This package contains Security Fix(es): In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.(CVE-2019-10241) An update for jetty is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium jetty https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2149 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2019-10241 https://nvd.nist.gov/vuln/detail/CVE-2019-10241 openEuler-22.03-LTS jetty-javadoc-9.4.16-1.oe2203.noarch.rpm jetty-http-9.4.16-1.oe2203.noarch.rpm jetty-jmx-9.4.16-1.oe2203.noarch.rpm jetty-websocket-client-9.4.16-1.oe2203.noarch.rpm jetty-jaspi-9.4.16-1.oe2203.noarch.rpm jetty-osgi-alpn-9.4.16-1.oe2203.noarch.rpm jetty-osgi-boot-jsp-9.4.16-1.oe2203.noarch.rpm jetty-cdi-9.4.16-1.oe2203.noarch.rpm jetty-alpn-server-9.4.16-1.oe2203.noarch.rpm jetty-unixsocket-9.4.16-1.oe2203.noarch.rpm jetty-javax-websocket-server-impl-9.4.16-1.oe2203.noarch.rpm jetty-alpn-client-9.4.16-1.oe2203.noarch.rpm jetty-javax-websocket-client-impl-9.4.16-1.oe2203.noarch.rpm jetty-maven-plugin-9.4.16-1.oe2203.noarch.rpm jetty-deploy-9.4.16-1.oe2203.noarch.rpm jetty-proxy-9.4.16-1.oe2203.noarch.rpm jetty-server-9.4.16-1.oe2203.noarch.rpm jetty-http2-common-9.4.16-1.oe2203.noarch.rpm jetty-jndi-9.4.16-1.oe2203.noarch.rpm jetty-util-ajax-9.4.16-1.oe2203.noarch.rpm jetty-http2-http-client-transport-9.4.16-1.oe2203.noarch.rpm jetty-annotations-9.4.16-1.oe2203.noarch.rpm jetty-osgi-boot-9.4.16-1.oe2203.noarch.rpm jetty-spring-9.4.16-1.oe2203.noarch.rpm jetty-fcgi-client-9.4.16-1.oe2203.noarch.rpm jetty-continuation-9.4.16-1.oe2203.noarch.rpm jetty-websocket-common-9.4.16-1.oe2203.noarch.rpm jetty-osgi-boot-warurl-9.4.16-1.oe2203.noarch.rpm jetty-http2-hpack-9.4.16-1.oe2203.noarch.rpm jetty-http2-server-9.4.16-1.oe2203.noarch.rpm jetty-webapp-9.4.16-1.oe2203.noarch.rpm jetty-quickstart-9.4.16-1.oe2203.noarch.rpm jetty-nosql-9.4.16-1.oe2203.noarch.rpm jetty-9.4.16-1.oe2203.noarch.rpm jetty-http2-client-9.4.16-1.oe2203.noarch.rpm jetty-websocket-server-9.4.16-1.oe2203.noarch.rpm jetty-httpservice-9.4.16-1.oe2203.noarch.rpm jetty-ant-9.4.16-1.oe2203.noarch.rpm jetty-jaas-9.4.16-1.oe2203.noarch.rpm jetty-jsp-9.4.16-1.oe2203.noarch.rpm jetty-rewrite-9.4.16-1.oe2203.noarch.rpm jetty-servlets-9.4.16-1.oe2203.noarch.rpm jetty-project-9.4.16-1.oe2203.noarch.rpm jetty-servlet-9.4.16-1.oe2203.noarch.rpm jetty-xml-9.4.16-1.oe2203.noarch.rpm jetty-jstl-9.4.16-1.oe2203.noarch.rpm jetty-jspc-maven-plugin-9.4.16-1.oe2203.noarch.rpm jetty-http-spi-9.4.16-1.oe2203.noarch.rpm jetty-util-9.4.16-1.oe2203.noarch.rpm jetty-io-9.4.16-1.oe2203.noarch.rpm jetty-client-9.4.16-1.oe2203.noarch.rpm jetty-infinispan-9.4.16-1.oe2203.noarch.rpm jetty-plus-9.4.16-1.oe2203.noarch.rpm jetty-fcgi-server-9.4.16-1.oe2203.noarch.rpm jetty-security-9.4.16-1.oe2203.noarch.rpm jetty-websocket-api-9.4.16-1.oe2203.noarch.rpm jetty-websocket-servlet-9.4.16-1.oe2203.noarch.rpm jetty-start-9.4.16-1.oe2203.noarch.rpm jetty-9.4.16-1.oe2203.src.rpm In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. 2022-12-24 CVE-2019-10241 openEuler-22.03-LTS Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N jetty security update 2022-12-24 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-2149