Participant
February 1, 2019
Question

Jetty Vulnerabilities in ColdFusion 2011


During a vulnerability scan, my ColdFusion 2011 server was identified as having several Eclipse Jetty vulnerabilities (version 9.0.7.v20131107).  Will CF v11 be updated to address these?  Or, will I have to manually upgrade Jetty to the secured version -- and if so, how?


    2 replies

    Community Expert
    February 2, 2019

    You might just be able to use your local server's host-based firewall functionality to block connections to Jetty from remote machines. See what ports are vulnerable from your scan, then block those so that they are only accessible from localhost.

    Dave Watts, Eidolon LLC

    Community Expert
    February 2, 2019

    Also - I forgot to mention this - CF 11 is the oldest supported version of ColdFusion, so fixes to Jetty may be slow in coming. But you could still go to the Adobe bug tracker and look there for open bugs, or create one yourself.

    Dave Watts, Eidolon LLC

    Participant
    February 1, 2019

    All suggested secured versions are:

    • 9.3.24.v20180605
    • 9.3.25.v20180904
    • 9.4.13.v20181111
    • 9.4.14.v20181114
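
A version check against the list above, as an added example that is not part of the original thread: it parses Jetty release strings, reads the version out of jar file names, and classifies each as listed, older, or unlisted. The jar naming pattern `jetty-<module>-<version>.jar` and the rule that anything below the lowest listed version is still flagged are assumptions of this example.

```python
import re

# Versions quoted in the thread: the scanned build and the suggested fixes.
SCANNED = "9.0.7.v20131107"
SUGGESTED = ["9.3.24.v20180605", "9.3.25.v20180904",
             "9.4.13.v20181111", "9.4.14.v20181114"]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.v(\d{8})")
# Assumed jar naming: jetty-<module>-<version>.jar
_JAR = re.compile(r"jetty-[a-z0-9-]+?-(\d+\.\d+\.\d+\.v\d{8})\.jar")


def parse(version):
    """Turn '9.0.7.v20131107' into a sortable tuple (9, 0, 7, 20131107)."""
    m = _VERSION.fullmatch(version)
    if not m:
        raise ValueError(f"not a Jetty release version: {version!r}")
    return tuple(int(g) for g in m.groups())


def version_from_jar(filename):
    """Return the version embedded in a Jetty jar name, or None."""
    m = _JAR.fullmatch(filename)
    return m.group(1) if m else None


def assess(version, suggested=SUGGESTED):
    """Classify a version against the suggested list.

    'listed'   - exactly one of the suggested versions
    'older'    - below every suggested version, so still flagged (assumption)
    'unlisted' - not below all of them but not named; check the advisory
    """
    v = parse(version)
    fixed = sorted(parse(s) for s in suggested)
    if v in fixed:
        return "listed"
    if v < fixed[0]:
        return "older"
    return "unlisted"


def audit(jar_names):
    """Map each Jetty jar name to (version, status); other jars are skipped."""
    report = {}
    for name in jar_names:
        version = version_from_jar(name)
        if version:
            report[name] = (version, assess(version))
    return report
```

Feed `audit()` the file names from the server's Jetty library directory; any entry marked `older` is what the scanner will keep reporting.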