• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Jetty Vulnerabilities in Coldfusion 2011

New Here ,
Feb 01, 2019 Feb 01, 2019

Copy link to clipboard

Copied

During a vulnerability scan, my ColdFusion 2011 server was identified as having several Eclipse Jetty vulnerabilities (version 9.0.7.v20131107).  Will CF v11 be updated to address these?  Or, will I have to manually upgrade Jetty to the secured version -- and if so, how?

Views

234

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 01, 2019 Feb 01, 2019

Copy link to clipboard

Copied

All suggested secured versions are:

  • 9.3.24.v20180605
  • 9.3.25.v20180904
  • 9.4.13.v20181111
  • 9.4.14.v20181114

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 02, 2019 Feb 02, 2019

Copy link to clipboard

Copied

You might just be able to use your local server's host-based firewall functionality to block connections to Jetty from remote machines. See what ports are vulnerable from your scan, then block those so that they are only accessible from localhost.

Dave Watts, Eidolon LLC

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 02, 2019 Feb 02, 2019

Copy link to clipboard

Copied

LATEST

Also - I forgot to mention this - CF 11 is the oldest supported version of ColdFusion, so fixes to Jetty may be slow in coming. But you could still go to the Adobe bug tracker and look there for open bugs, or create one yourself.

Dave Watts, Eidolon LLC

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation