{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2018-12536","title":"Title"},{"category":"description","text":"In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2018-12536","url":"https://www.suse.com/security/cve/CVE-2018-12536"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1139759 for CVE-2018-12536","url":"https://bugzilla.suse.com/1139759"}],"title":"SUSE CVE CVE-2018-12536","tracking":{"current_release_date":"2025-01-10T03:59:54Z","generator":{"date":"2023-04-18T23:27:05Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2018-12536","initial_release_date":"2023-04-18T23:27:05Z","revision_history":[{"date":"2023-04-18T23:27:05Z","number":"2","summary":"Current version"},{"date":"2024-09-09T04:21:44Z","number":"3","summary":"Current version"},{"date":"2025-01-01T07:35:32Z","number":"4","summary":"Current version"},{"date":"2025-01-10T03:59:54Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}