How severe is CVE-2018-12536?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2018-12536?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2018-12536 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.

Related Vulnerabilities

CVE-2013-6879

MEDIUM

CVSS:5.3(Medium)

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation pat...

CWE-2092013

CVE-2018-1073

MEDIUM

CVSS:5.3(Medium)

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user account...

CWE-2092018

CVE-2018-14907

MEDIUM

CVSS:5.3(Medium)

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.

CWE-2092018

CVE-2019-1020013

MEDIUM

CVSS:5.3(Medium)

parse-server before 3.6.0 allows account enumeration.

CWE-2092019

CVE-2019-11602

MEDIUM

CVSS:5.3(Medium)

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the...

CWE-2092019

CVE-2019-12156

MEDIUM

CVSS:5.3(Medium)

Server metadata could be exposed because one of the error messages reflected the whole response back to the client in JetBrains TeamCity versions before 2018.2.5 and UpSource versions before 2018.2 bu...

CWE-2092019