Jetty Vulnerabilities CVE-2019-10247 and CVE-2019-10241

book

Article ID: 143856

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

The security team has detected the following vulnerabilities on the environments where APM is installed on and would like to know whether they are affected:

Vulnerability Details : CVE-2019-10241

Vulnerability Details : CVE-2019-10247

Environment

APM 10.7.0

 

Resolution

These vulnerabilities are only applicable if jetty directory listing is enabled, however, by default, APM disables directory listing and doesn't provide any configuration to enable this. In conclusion, these vulnerabilities are not applicable to APM or APM is not affected by these vulnerabilities.